Azure internal load balancer and VM firewalls not working

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure internal load balancer and VM firewalls not working

L1 Bithead

We are attempting to internal load balance a pair of VM firewalls in Azure.

 

The firewalls work when traffic is sent directly to the firewalls.  But when the Azure internal load balancer is added into the mix no traffic hits the firewall.

 

I have searched all over the Palo web sites, the live community and Internet, but have not found instructions on how to configure this.  I see references to NATs, sandwiches, lots of public load balance scenarios, but nothing I have been able to use.

 

We have a third part contractor configuring Azure, as this is new to us.  They are also stumped.  I have a support case open with Palo but have not been able to get an engineer assigned to it.

 

Thanks for any help.

3 REPLIES 3

L0 Member

I've deployed this, which deployment guide did you follow? It was a pain initially but then made sense.

 

Have you got each interface separated with Virtual routers and static routes for the load balancers in each route table routing traffic for the load balancers back to the subnet gateway?

 

If you look at the metrics of the load balancer then you will see if the availability of the Interfaces the load balancers are talking to is working.

 

Azure Transit VNet Design Model Deployment Guide (paloaltonetworks.com) is an extensive guide pick what you need, sounds like its the virtual routers and the Load balancer availability checking tripping you up. 

 

 

L0 Member

Hi Steve 

I am also having same issue 

You mentioned "have you separated each interface" 

Which interfaces are you referring to ?

 

Palo Alto devices need to have 2 VRs one for trust mapped to the trust interface and one for untrust mapped to untrust interface. The reason for this is the health probes configuration. 

 

  • 4960 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!