Azure - no traffic to untrust public ip

L1 Bithead

I tried the checkbox a few times and it didn't work. Not sure why though.

L4 Transporter

The documentation is updated to show you how to add a default route in Step 7-5:

L3 Networker

I'm having a similar issue. For the untrust (internet facing) interface, shouldnt it be using the assigned public ip and have x.x.x.1 (public IP) set as its next hop static route?


EDIT: looking through the palo deployment guide, its says the following regarding the untrust interface:

On the IPv4 tab, select DHCP Client.  if you plan to assign only one IP address on the interface—the firewall will automatically acquire the private IP address assigned in the ARM template. If you plan to assign more than one IP address, select Static

 and manually enter the primary and secondary IP addresses assigned to the interface on the Azure portal.


Why would this specify 'private' ip address? Being the internet interface, shouldnt it be using the public assigned address?

L3 Networker

It turns out that all of the public to private address translation is done by Azure. The firewall need only be configured with private ip addressing and routing.

L0 Member

Thanks for the update. But you should be able to check DHCP option to add the default route and for the most part that will work. Tyson vs Jones Live Thanks again and take care.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!