- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-09-2022 07:37 AM
We are attempting to internal load balance a pair of VM firewalls in Azure.
The firewalls work when traffic is sent directly to the firewalls. But when the Azure internal load balancer is added into the mix no traffic hits the firewall.
I have searched all over the Palo web sites, the live community and Internet, but have not found instructions on how to configure this. I see references to NATs, sandwiches, lots of public load balance scenarios, but nothing I have been able to use.
We have a third part contractor configuring Azure, as this is new to us. They are also stumped. I have a support case open with Palo but have not been able to get an engineer assigned to it.
Thanks for any help.
02-10-2022 02:30 AM
I've deployed this, which deployment guide did you follow? It was a pain initially but then made sense.
Have you got each interface separated with Virtual routers and static routes for the load balancers in each route table routing traffic for the load balancers back to the subnet gateway?
If you look at the metrics of the load balancer then you will see if the availability of the Interfaces the load balancers are talking to is working.
Azure Transit VNet Design Model Deployment Guide (paloaltonetworks.com) is an extensive guide pick what you need, sounds like its the virtual routers and the Load balancer availability checking tripping you up.
03-03-2023 08:51 AM
Palo Alto devices need to have 2 VRs one for trust mapped to the trust interface and one for untrust mapped to untrust interface. The reason for this is the health probes configuration.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!