Azure AppGateway thinks VM Series firewall is unhealthy


L0 Member

I am implementing this scenario

 

https://github.com/PaloAltoNetworks/azure-applicationgateway

 

Here is the flow of traffic

 

internet->App Gateway(public ip)->VM Series-> ILB->Web Servers(4)

 

I only have 1 firewall appliance for now.

 

Azure application gateway connects with Palo Alto VM Series over port 80.

Application gateway keeps on thinking that firewall VM is unhealthy.

There is no custom probe configured in the template above.

So it expects HTTP 200 but is not getting it.

AppGateway only supports HTTP and HTTPS in the backend.

 

Perhaps this error is due to missing configuration in the firewall.

What type of configuration do I need to do in the firewall to return a valid response over port 80 so it appears healthy to app gateway?

 

I have defined UnTrust and Trust zones

I have configured the Interfaces

I have configured NAT with a static route.

 

I created a linux VM in the same subnet as the internal load balancer and web servers.

I can curl successfully to the website and get HTTP 200.

I have verified that VM Series firewall VM does allow 

 

What needs to happen in the firewall VM for it to respond with HTTP 200 to the health checks from application gateway?

 

Thanks

1 REPLY

L5 Sessionator

If this is a default build in GitHub then you should be able to reach out to Palo Alto Networks TAC for support. The GitHub README page will list the support policy of whether the GitHub template you are deploying is community supported or officially TAC supported.
