Multiple Static Route(s) for PA-VM in Azure

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Multiple Static Route(s) for PA-VM in Azure

L0 Member

Hello all!

I have successfully deployed a PA VM-300 in our Azure environment and I am a bit confused when it comes to setting up the virtual router for the networks. I've seen a few YouTube videos where people configure one VR with two or more static routes and others with multiple VRs, for example. Untrusted-vr & trust-vr. I have listed a few screenshots of what I have configured but I am still unsure.

 

PA MGMT (eth 0 in Azure) IP: 172.27.192.0 /23

PA Untrusted Eth1 (eth 1 in Azure) IP: 172.27.194.0 /23

PA Trusted Eth 2 (eth 2 in Azure) IP: 172.27.196.0 /23

 

For those who have successfully done a PA VM in Azure before, could you kindly share your experience and configuration, please?

 

Thanks!

2 REPLIES 2

Hi @FreddyCalderon ,

The separate VRs are required depending if you are using internal and external LBs.

Azure LB is using same IP 168.63.129.16 to source LB healt probes. I am guessin the videos you have looked they are deploying redundant pair of standalone firewalls. Where using internal LB traffic is routed over the firewalls. If you need inbound traffic you will to deploy extenal LB as well.

So if you use single VR your probes will fail (because the FW will not know to which interface it should send the response). For that reason you configure two VRs and put static route for 168.63.129.16 pointing to the respectful interface.

 

There is no other real reason to create separate VRs. If you don't use LBs you don't need separate VRs.

Hi Aleksandar,

 

Thank you for much for your explanation. Makes sense now. I appreciate your input.

  • 1968 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!