08-09-2021 08:23 PM - edited 08-09-2021 09:07 PM
Hi there,
We have deployed PA-VM in Azure and there are other 4 VMs within the same vnet. There are NSGs on each interface of PA (mgmt, trusted, untrusted) and also on the VMs. There is allowed-all rule in the PA with intrazone default rule logging enabled. Ping is also enabled. There is no switch or other device between the VMs and PA. Routing table has Next hop address of PA trusted Interface.
However, we have noticed that ping/tracert to Trusted interface (10.8.1x.x) from the VMs (for example, 10.8.1.3 and 10.8.2.3) are failing. Ping to 10.8.1.3 and 10.8.2.3 is successful. Tried removing the NSG but no luck. For all the VMs, Src and Dest Address is set as Any in Azure.
Because of this, internal VMs cannot access the Internet.
Any help would be appreciated!
C:\Windows\system32>ping 10.8.1x.x
Pinging 10.8.1x.x with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.8.1x.x:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
08-12-2021 04:20 AM
Hi @reaper
Sorry I deleted my previous post as it was the response from another discussion that I have created.
I have solved this issue (ping fails in same subnet) by unticking Packet Buffer Protection.
Global counters:
Elapsed time since last sampling: 34.223 seconds
name value rate severity category aspect description
--------------------------------------------------------------------------------
pkt_recv 32 0 info packet pktproc Packets received
flow_dos_pbp_drop 57 1 drop flow dos Packets dropped: Dropped by packet buffer protection RED
flow_dos_drop_ip_blocked 11 0 drop flow dos Packets dropped: Flagged for blocking and under block duration by DoS or other modules
--------------------------------------------------------------------------------
Total counters shown: 3
--------------------------------------------------------------------------------
It was enabled by default so didn't catch our attention at first. Not sure, if it is a new thing in ver 10.1.
I will close this thread.
@kiwi sorry about that. Now I know where to post VM/cloud related issues.
Could you pls move this post below of mine as well?
08-12-2021 03:02 AM
Hi @Connected123 ,
In order to get better traction for this, I have moved this discussion to the VM Series in the public cloud area.
Cheers,
-Kiwi
08-12-2021 03:14 AM
Didn't azure reserver .1 through .4? Try setting the panw to .5?
08-12-2021 04:20 AM
Hi @reaper
Sorry I deleted my previous post as it was the response from another discussion that I have created.
I have solved this issue (ping fails in same subnet) by unticking Packet Buffer Protection.
Global counters:
Elapsed time since last sampling: 34.223 seconds
name value rate severity category aspect description
--------------------------------------------------------------------------------
pkt_recv 32 0 info packet pktproc Packets received
flow_dos_pbp_drop 57 1 drop flow dos Packets dropped: Dropped by packet buffer protection RED
flow_dos_drop_ip_blocked 11 0 drop flow dos Packets dropped: Flagged for blocking and under block duration by DoS or other modules
--------------------------------------------------------------------------------
Total counters shown: 3
--------------------------------------------------------------------------------
It was enabled by default so didn't catch our attention at first. Not sure, if it is a new thing in ver 10.1.
I will close this thread.
@kiwi sorry about that. Now I know where to post VM/cloud related issues.
Could you pls move this post below of mine as well?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
