I am working on a project to deploy a cluster of two Palo Alto VMs on Azure. While designing the solution with an internal and an external load balancer (you can see the picture in my post), I don't know if I need to configure public IP addresses on both firewalls' external interfaces to handle source NAT for internal resources and also destination NAT, or just put a public IP address on the external load balancer only.
We need IPsec VPN tunnels on the external interfaces. Do public IP addresses have to be configured directly on the firewalls in this case? If not (only on the external load balancer), should the peer IP address in the VPN configuration be the load balancer's public IP address?
Thank you in advance,
You can enable NAT traversal and use internal IPs on the firewall. You can then use FQDN or userFQDN as local identification. The remote peer will need to use the load balancer public IP (or can even have dynamic).