We are attempting to internal load balance a pair of VM firewalls in Azure.
The firewalls work when traffic is sent directly to the firewalls. But when the Azure internal load balancer is added into the mix no traffic hits the firewall.
I have searched all over the Palo web sites, the live community and Internet, but have not found instructions on how to configure this. I see references to NATs, sandwiches, lots of public load balance scenarios, but nothing I have been able to use.
We have a third-party contractor configuring Azure, as this is new to us. They are also stumped. I have a support case open with Palo but have not been able to get an engineer assigned to it.
Thanks for any help.
I've deployed this. Which deployment guide did you follow? It was a pain initially but then made sense.
Have you got each interface separated with Virtual routers and static routes for the load balancers in each route table routing traffic for the load balancers back to the subnet gateway?
If you look at the metrics of the load balancer then you will see if the availability of the Interfaces the load balancers are talking to is working.
Azure Transit VNet Design Model Deployment Guide (paloaltonetworks.com) is an extensive guide; pick what you need. It sounds like it's the virtual routers and the load balancer availability checking tripping you up.