04-01-2023 05:28 AM
Hello
I would like to have your support. I deployed the following architecture in Azure. We have only 1 VM-Series at the moment. Based on the PA document for Azure, I created a Private subnet in the vNet Hub zone (similar to the transit zone in the PA documentation). I created DSI and Project vNets with peering to the Hub vNet. We deployed an Azure internal LB for traffic between DSI & Project and the Private vNet. The Frontend IP is 10.110.0.21 and the backend is the VM-Series interface eth1/2 (10.110.0.4). I created a route table for the DSI and Project vNets with a default route to the IP address of the LB (10.110.0.21). It's working without issue. From on-prem, I'm able to contact the servers in these zones.
I added a new subnet (10.115.0.0/24) named "PrivateDMZ" in the vNet Hub zone and I created a new vNet "DMZ_PRIVATE" with peering to the Hub zone. I reproduced the same configuration as before. I added entries in the Azure LB with Frontend IP address 10.115.0.21 and, as backend, the IP address of eth1/4 (10.115.0.4). I configured a route table for the DMZ_PRIVATE vNet with a default route to 10.115.0.21. On the VM-Series, I created a virtual router dedicated to the Private zone and another one for PrivateDMZ. I added the probe on each VR. All static routes have been added (I checked many times). On the Azure Load Balancer, the health seems to be good without issue. But from on-prem, when I try to contact a server in the DMZ, the connection fails even though the traffic is allowed. In the log, the packets received is 0.
Do you know what the issue is and why it's not working?
BR
Prive LB conf
04-04-2023 02:58 AM
Hi there,
Which virtual router is Eth1/4 a member of? From your description it sounds like you have three virtual routers, default(?), Private and PrivateDMZ. Have you configured routing between them? Have you configured security policies to allow the required traffic between the VRs?
cheers,
Seb.