11-28-2017 06:17 AM
Hello... is it possible to install that Azure Network Watcher VM extension to enable traces and packet captures from the PA VM to the Azure gateway? It would be handy to help troubleshoot connectivity issues between the PA and the GW. Thank you.
11-28-2017 06:39 AM
Hi eosminer,
The VM Series supports packet captures natively within the operating system:
Here is a link to more detailed information about how to run packet captures from the console or ui:
https://live.paloaltonetworks.com/t5/Learning-Articles/How-to-Run-a-Packet-Capture/ta-p/62390
-kb
11-28-2017 06:45 AM
Azure Network Watcher looks beyond the PA, however requires the extension to be installed on the PA for it to work. It allows a capture past the PA through the Azure infrastructure. Not a great solution from Microsoft, but it's what I have.
10-06-2021 08:53 AM
Hello, did you get an answer to this? we want to do the same but our CSP is advising this is not possible.
let me know please if you managed it.
Thanks
Ryan
10-21-2021 07:25 AM - edited 10-21-2021 07:29 AM
I also need to do this. Network Watcher works fine between Azure VMs, but it's not possible to add the extension on a Palo Alto VM. I see my traffic arrive on the PA, but need to trace it onwards to the Azure VM, but can't. It seems that I have correct NSG setup, but cannot get to the VM. Packet capture in PA is clunky with wireshark, I just need a simple view of what's happening.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
