Moving public IP from VM to Palo Alto in Azure

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Moving public IP from VM to Palo Alto in Azure

L0 Member

We deployed a Palo Alto VM-300 in an existing Azure tenancy.  During the process to move public IP Addresses from the Virtual Machine to the Palo Alto Untrusted Interface we ran into the following error.  


"Network interface associated with virtual machine does not allow different SKU type for public IP Address in IP configurations"


The public IP address is SKU type Standard.  It appears only Basic SKUs work with the NIC but when you create VMs with public IPs in Azure they default to Standard.  Is there a process to retain the public IP and be able to move it to the Palo Alto Untrusted Interface?


Hi @estoltz ,

I don' think there is a way to assign the public IP directly to the firewall (in fw configuration). You need to put the private IP address (or enable DHCP) that Azure will generate and use that for any NAT rule. Azure will automatically translate that private IP to the public one that is allocated.

L0 Member

Correct.  The problem I'm running into is that some VMs have Standard SKU public IPs but it seems Palo Alto only supports Basic public IPs to be assigned to the private IP assigned to the untrusted interface.  I'm trying to determine if there is a way to support standard public IPs instead of just basic.  

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!