search

PaloAltoNetworks / Azure-GWLB

Template for deploying Palo Alto VM Series FW with Azure Gateway Load Balancer
6 stars 10 forks source link

GWLB Health probe fails #7

Open mikeoleary opened 1 year ago

mikeoleary commented 1 year ago

Describe the bug

The health probe configured in the GWLB is a TCP check on port 80. This is failing, so GWLB believes that PaloAlto firewall is down.

Expected behavior

I expect the health check to succeed.

Current behavior

Because the health probe fails, traffic cannot traverse the GWLB service chain.

Steps to reproduce

  1. Deploy this ARM template to deploy App Stack and Security Stack.
  2. Ensure that service chain is correctly configured. I.e., that the frontendIP of the PublicLB is referencing the frontendIP of the SecurityLB.
  3. Attempt to reach your application. It fails.
  4. Remove the service chaining. Ie., remove the GWLB reference from the Public LB.
  5. Attempt to reach your application. It succeeds (but does not traverse the PaloAlto firewall).
welcome-to-palo-alto-networks[bot] commented 1 year ago

:tada: Thanks for opening your first issue here! Welcome to the community!