07-16-2020 02:22 PM
I do not know if you are still looking for a resolution, but I have placed answers to some of your questions below:
The public load balancer forwards the traffic to the VM-Series. The load balancer itself is comprised of 3 major components.
The load balancer is just forwarding traffic from 140.242.125.50:80 to the VM-Series untrust interfaces (private IP). When the VM-Series receives the request, the firewall DNATs the traffic to the internal address in Azure. We must also apply a dynamic SNAT on the policy. This is required because the public load balancer does not maintain flow symmetry. The SNAT guarantees synchronous responses for a given request.
This post may also answer your question on how to NAT inbound traffic from a public LB: https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/active-active-gateways-in-azure-a...
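Added example, not part of the original post and not PAN-OS code: a small Python model of why the dynamic SNAT described above keeps each reply on the firewall that holds the session. It assumes two VM-Series firewalls, a return path whose next hop is chosen independently of the public load balancer, and constructed addresses for everything except the 140.242.125.50:80 frontend quoted in the post.

```python
from dataclasses import dataclass, field

FRONTEND = ("140.242.125.50", 80)   # public LB frontend from the post
BACKEND = ("10.0.2.10", 80)         # constructed internal server address
CLIENT_IP = "198.51.100.7"          # constructed internet client address


@dataclass
class Firewall:
    name: str
    trust_ip: str                   # constructed trust-interface address
    sessions: set = field(default_factory=set)

    def inbound(self, client, snat):
        """DNAT FRONTEND -> BACKEND; optionally SNAT to this firewall's trust IP."""
        src = (self.trust_ip, client[1]) if snat else client
        self.sessions.add((src, BACKEND))       # session keyed on the post-NAT flow
        return src, BACKEND

    def accepts_reply(self, reply_src, reply_dst):
        """A stateful firewall only passes replies that match its own session."""
        return (reply_dst, reply_src) in self.sessions


def run(client_ports, snat):
    """Return {client_port: reply_delivered} for one request per port."""
    fws = [Firewall("fw1", "10.0.1.4"), Firewall("fw2", "10.0.1.5")]
    by_trust_ip = {fw.trust_ip: fw for fw in fws}
    delivered = {}
    for port in client_ports:
        # Assumption: the public LB spreads flows across both firewalls.
        ingress = fws[port % len(fws)]
        seen_src, server = ingress.inbound((CLIENT_IP, port), snat)
        # The server replies to the source it saw. A trust IP routes straight
        # back to that firewall; a public client IP follows the default route,
        # which in this model always points at fw1.
        egress = by_trust_ip.get(seen_src[0], fws[0])
        delivered[port] = egress.accepts_reply(server, seen_src)
    return delivered


if __name__ == "__main__":
    print("DNAT only  :", run([40000, 40001], snat=False))
    print("DNAT + SNAT:", run([40000, 40001], snat=True))
```

With DNAT only, the flow that entered through fw2 returns through fw1, which has no matching session and drops it; with the SNAT, every reply is addressed to the firewall that created the session.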