12-27-2022 02:18 AM
Hello Community,
I want to deploy Palo Alto VM Series firewall Infront of some workloads already existing on my Azure tenant and still ensure that services calling the workloads use the existing public IP Addresses assigned to these workloads when the traffic passes through the VM Series firewall.
It is easier to deploy when workloads haven't been provisioned and are not accessible via the internet using their public IP Addresses but instances where you already have a workload with an assigned public IP Address which have to disassociate from the host and assign to the VM Series firewall is a bit of a challenge.
I havent seen how I can reserve this public IP Address on workloads then assign them as public IP address on the VM series firewall, maybe on the secondary interface so that I can configure a destination NAT on the firewall.
Looking for support from the community on this.
Thank You!
01-04-2023 07:51 AM
Hi,
You should have a look on the Azure Gateway Loadbalancer option
So you can keep the PIP on your exsting workload, you just need to Chain the PIP to the Gateway Loadbalancer attach to your Palo Alto, Like that the Intenet traffic will go via the FW
BR//Julie
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
