Azure - no traffic to untrust public ip

Reply
Highlighted
L1 Bithead

Re: Azure - no traffic to untrust public ip

I tried the checkbox a few times and it didn't work. Not sure why though.

L4 Transporter

Re: Azure - no traffic to untrust public ip

The documentation is updated to show you how to add a default route in Step 7-5:  https://www.paloaltonetworks.com/documentation/81/virtualization/virtualization/set-up-the-vm-series...

Highlighted
L2 Linker

Re: Azure - no traffic to untrust public ip

I'm having a similar issue. For the untrust (internet facing) interface, shouldnt it be using the assigned public ip and have x.x.x.1 (public IP) set as its next hop static route?

 

EDIT: looking through the palo deployment guide, its says the following regarding the untrust interface:

On the IPv4 tab, select DHCP Client.  if you plan to assign only one IP address on the interface—the firewall will automatically acquire the private IP address assigned in the ARM template. If you plan to assign more than one IP address, select Static

 and manually enter the primary and secondary IP addresses assigned to the interface on the Azure portal.

 

Why would this specify 'private' ip address? Being the internet interface, shouldnt it be using the public assigned address?

Highlighted
L2 Linker

Re: Azure - no traffic to untrust public ip

It turns out that all of the public to private address translation is done by Azure. The firewall need only be configured with private ip addressing and routing.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!