The documentation seems a bit light on detail. I have created a Service Principal in Azure and entered the data into my two firewalls as per these documents:

https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-azure/configure-activepassive-ha-for-vm-series-firewall-on-azure
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

The firewalls validate successfully. However, during failover, the secondary IP addresses don't move. Should there be some config on the firewalls to say "move secondary IP addresses of interfaces A, B, C, and move public IP"? Would there be corresponding config within Azure? How does the system know which interfaces need their addressing changed?