OCI: Health status of PA-VM deployed behind the public load balancer shows “Unknown/Critical”
Created On 03/19/20 01:57 AM - Last Modified 07/19/22 23:17 PM
Symptom
- The health check for the PA-VM firewall behind the public load balancer shows Critical, although the sessions are visible in the session browser.
- Verify that the Load Balancers have Listeners configured.
- Ensure the Load Balancer health check is configured as follows:
  - URL PATH (URI) is set to /php/login.php
  - Status Code is set to 200
Networking > Load Balancers > Load Balancer Details > Backend Sets > Backend Set Details
- Check the corresponding Backend Set and look for the PA-VM under the following path:
Networking > Load Balancers > Backend Sets > Backend Set Details > Backends
- Note the IP address, then check the PA-VM instance for the vNIC that has the IP address seen in “Backends” under:
Compute > Instances > Instance Details > Attached vNICs
- Check the untrust interface on the firewall and verify its Interface Management profile. Notice that the HTTP service is not enabled.
Environment
- Platform: PA-VM
- PAN-OS / Plugin Version: Any
- Deployment: Any
Cause
- HTTP service was not enabled in the interface management profile that was attached to the interface connected to the Load Balancer.
Resolution
- Enable HTTP service in the Management Profile attached to the interface that connects to the OCI Load Balancer
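
To confirm the fix from a host that can reach the backend IP, the added example below (not part of the original article or any Palo Alto Networks or OCI tooling) sends the same request the health check is configured for and separates "nothing answers HTTP" from "wrong status code". The function names, the stub server and the loopback address are assumptions used so the demo runs offline.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

HEALTH_PATH = "/php/login.php"   # URL path from the health check config above
EXPECTED_STATUS = 200            # status code from the health check config above

def probe(host, port=80, path=HEALTH_PATH, expected=EXPECTED_STATUS, timeout=3.0):
    """Send one HTTP GET as the health check is configured and classify the result."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        status = conn.getresponse().status
    except (ConnectionRefusedError, socket.timeout) as exc:
        # Nothing answers HTTP on this interface: consistent with the HTTP
        # service missing from the Interface Management profile.
        return ("CRITICAL", f"no HTTP listener ({type(exc).__name__})")
    except (OSError, http.client.HTTPException) as exc:
        return ("CRITICAL", f"transport error ({type(exc).__name__})")
    finally:
        conn.close()
    if status != expected:
        return ("CRITICAL", f"status {status}, expected {expected}")
    return ("OK", f"status {status}")

class _StubLogin(BaseHTTPRequestHandler):
    """Constructed stand-in for the firewall login page (offline demo only)."""
    def do_GET(self):
        self.send_response(200 if self.path == HEALTH_PATH else 404)
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass

def start_stub():
    """Start the stub on an ephemeral loopback port and return the server."""
    server = HTTPServer(("127.0.0.1", 0), _StubLogin)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    stub = start_stub()
    port = stub.server_address[1]
    print(probe("127.0.0.1", port))            # HTTP enabled, correct path
    print(probe("127.0.0.1", port, path="/"))  # health check path misconfigured
    stub.shutdown()
    stub.server_close()
    print(probe("127.0.0.1", port))            # HTTP service not enabled
```

Against a real deployment, call `probe()` with the backend IP noted under "Backends" instead of the loopback stub.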