This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Certain TCP traffic not showing at the Azure Palo firewalls.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Certain TCP traffic not showing at the Azure Palo firewalls.

Vanessaxu
L1 Bithead

‎02-27-2024 12:01 PM

Certain TCP traffic not showing at the Azure Palo firewalls.

There are tcp traffic from on-prem to Azure test subnet vm.

The connection path is as below: on-prem user laptop -> onprem palo fw -> express route ->Azure Palo fw -> test vm.

There is no NSG on any of the interfaces at Azure side.

The RDP traffic from the on-prem user laptop can reach the test vm no problem (tcp 3389).

The smb (i.e. TCP 139) traffic from the on-prem user laptop can only shown at the on-prem fw log, showing it was allowed and went out the same path to the express route, but timeout status.

The smb traffic is not showing at the Azure palo fw. ( why the smb traffic disappeared after existing the on-prem fw?)

The only difference is the on-prem laptop (prd domain) and the azure vm (test domain) belong to different AD domain controllers, with the same domain name.

No drop packets on either palo fw.

0 Likes Likes
4 REPLIES 4

kiwi
Community Team Member

‎02-28-2024 04:17 AM

Hi @Vanessaxu ,

 

Is the traffic actually reaching the Azure fw or is it going lost in transit ? Can you check with a PCAP ?

Have you checked the global counters ? There might be drops there that don't show up in traffic log.

 

How to check global counters for a specific source and destination IP address 

 

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes

Vanessaxu
L1 Bithead

‎03-22-2024 10:41 AM

not sure if reach Azure palo firewall since it's the Azure file sync service.  Not to a VM. 

0 Likes Likes

Vanessaxu
L1 Bithead
In response to kiwi

‎03-22-2024 12:24 PM

did a pcap, can't see the traffic incoming either.

0 Likes Likes

Vanessaxu
L1 Bithead

‎03-27-2024 07:41 AM

forced traffic to the test vm via VPN, the traffic shows on the Azure Palo firewall log. Seems the the express route blocks certain traffic. 

0 Likes Likes
  • 586 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks