I have successfully deployed a PA VM-300 in our Azure environment and I am a bit confused when it comes to setting up the virtual router for the networks. I've seen a few YouTube videos where people configure one VR with two or more static routes and others with multiple VRs, for example, Untrusted-vr & trust-vr. I have listed a few screenshots of what I have configured but I am still unsure.
PA MGMT (eth 0 in Azure) IP: 172.27.192.0 /23
PA Untrusted Eth1 (eth 1 in Azure) IP: 172.27.194.0 /23
PA Trusted Eth 2 (eth 2 in Azure) IP: 172.27.196.0 /23
For those who have successfully done a PA VM in Azure before, could you kindly share your experience and configuration, please?
Hi @FreddyCalderon ,
Whether separate VRs are required depends on whether you are using internal and external LBs.
Azure LB uses the same IP, 126.96.36.199, to source LB health probes. I am guessing the videos you have looked at are deploying a redundant pair of standalone firewalls, where using an internal LB traffic is routed over the firewalls. If you need inbound traffic you will need to deploy an external LB as well.
So if you use a single VR your probes will fail (because the FW will not know to which interface it should send the response). For that reason you configure two VRs and put a static route for 188.8.131.52 pointing to the respective interface.
There is no other real reason to create separate VRs. If you don't use LBs you don't need separate VRs.
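The routing behaviour described in the reply above can be modelled with a small longest-prefix-match simulation. This is an added example, not part of the original thread and not Palo Alto configuration. The probe source address is a constructed stand-in, the interface names, next hops and the 172.27.0.0/16 summary route are assumptions, and the model assumes a probe only succeeds when the reply leaves through the interface it arrived on.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-in for the single source address the LB probes from.
PROBE_SRC = ip_address("192.0.2.10")
PROBE_HOST = f"{PROBE_SRC}/32"
# Interface names and next hops are assumptions; the subnets are from the question.
UNTRUST = ("ethernet1/1", "172.27.194.1")  # 172.27.194.0/23
TRUST = ("ethernet1/2", "172.27.196.1")    # 172.27.196.0/23

def route(prefix, leg):
    return (ip_network(prefix), leg[0], leg[1])

def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    hits = [r for r in routes if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def probe_results(vrs):
    """For each data interface, a probe from PROBE_SRC arrives there and the
    reply is routed by the VR that owns that interface. The value is True
    when the reply leaves through the interface the probe arrived on."""
    results = {}
    for vr in vrs.values():
        for ingress in vr["interfaces"]:
            results[ingress] = lookup(vr["routes"], PROBE_SRC) == ingress
    return results

# One VR owns both interfaces, so it can hold only one route to the probe address.
single_vr = {"default": {
    "interfaces": [UNTRUST[0], TRUST[0]],
    "routes": [route("0.0.0.0/0", UNTRUST),
               route("172.27.0.0/16", TRUST),  # hypothetical internal summary
               route(PROBE_HOST, UNTRUST)],
}}
# Each VR owns one interface and carries its own host route to the probe address.
two_vrs = {
    "untrust-vr": {"interfaces": [UNTRUST[0]],
                   "routes": [route("0.0.0.0/0", UNTRUST), route(PROBE_HOST, UNTRUST)]},
    "trust-vr": {"interfaces": [TRUST[0]],
                 "routes": [route("172.27.0.0/16", TRUST), route(PROBE_HOST, TRUST)]},
}

if __name__ == "__main__":
    print("single VR:", probe_results(single_vr))
    print("two VRs:  ", probe_results(two_vrs))
```

With the single VR, the reply to a probe that arrived on the trust interface is sent out the untrust interface, which is the failure the reply describes.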