OCI: Health status of PA-VM deployed behind the public load balancer shows “Unknown/Critical”

Created On 03/19/20 01:57 AM - Last Modified 07/19/22 23:17 PM


Symptom


  • The health check for the PA-VM firewall behind the public load balancer shows Critical, although the sessions are visible in the session browser.
  • Verify that the Load Balancers have Listeners configured.
  • Ensure the Load Balancer health check is configured as follows, under
    Networking > Load Balancers > Load Balancer Details > Backend Sets > Backend Set Details:
       - URL PATH (URI) is set to /php/login.php
       - Status Code is set to 200
  • Check the corresponding Backend Set and look for the PA-VM under the following path:
    Networking > Load Balancers > Backend Sets > Backend Set Details > Backends
  • Note the IP address and check the PA-VM instance for the vNIC that has the IP address seen in “Backends” under
    Compute > Instances > Instance Details > Attached vNICs
  • Check the untrust interface on the firewall and verify its Interface Management profile. Notice that the HTTP service is not enabled.


Environment


  • Platform: PA-VM
  • PAN-OS / Plugin Version: Any
  • Deployment: Any


Cause


  • HTTP service was not enabled in the interface management profile that was attached to the interface connected to the Load Balancer.


Resolution


  • Enable HTTP service in the Management Profile attached to the interface that connects to the OCI Load Balancer
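
To confirm the result from a host that can reach the backend IP, the following added example (not part of the original article or any Palo Alto Networks tooling) sends the request described by the health check settings above and reports whether it would pass. The function name `probe_health`, port 80 and the 3-second timeout are assumptions.

```python
#!/usr/bin/env python3
"""Reproduce the load balancer health check against one PA-VM backend."""
import argparse
import http.client
import sys


def probe_health(host, port=80, path="/php/login.php",
                 expected_status=200, timeout=3.0):
    """Send one GET and return (healthy, detail).

    port=80 and timeout are assumptions; path and expected_status are the
    health check values given in the article.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException) as exc:
        # Refused, timed out or reset: nothing answered HTTP on this
        # interface, consistent with HTTP not being enabled in its
        # management profile.
        return False, f"no HTTP response ({type(exc).__name__})"
    finally:
        conn.close()
    if status != expected_status:
        # Redirects are not followed; any other code counts as a failure.
        return False, f"status {status}, expected {expected_status}"
    return True, f"status {status}"


def main(argv=None):
    parser = argparse.ArgumentParser(description=__doc__)
    parser.add_argument("backend_ip", help="IP listed under Backends")
    parser.add_argument("--port", type=int, default=80)
    args = parser.parse_args(argv)
    healthy, detail = probe_health(args.backend_ip, args.port)
    state = "OK" if healthy else "CRITICAL"
    print(f"{args.backend_ip}:{args.port} {state} - {detail}")
    return 0 if healthy else 1


if __name__ == "__main__":
    sys.exit(main())
```

The exit code is 0 when the probe matches the expected status and 1 otherwise, so the script can be used in a quick before/after comparison around the profile change.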

