Case Studies: VM-Series on Azure

Case Studies: VM-Series on Azure

8433

Created On 03/26/20 19:03 PM - Last Modified 04/06/20 23:55 PM

Microsoft Azure

Microsoft Azure Government Cloud

Plugins

Public Cloud

PAN-OS

VM-Series

Question

Purpose

This document serves as a case study guide for most common issues reported on VM-Series Deployments on Microsoft Azure.

Answer

Content

Contents of this document include the following case studies for VM-Series Deployments on Azure.

1. High Availability

1.1 Secondary IP(s) of Azure Network Interface(s) do not move to newly active unit upon HA failover

1.2 Secondary IP(s) of Azure Network Interface(s) does not move to newly active unit due to DNS issues

1.3 Secondary IP(s) of Azure Network Interface(s) do not move to newly active unit with message “Get Request Failed: 404”

1.4 Secondary IP(s) of Azure Network Interface(s) do not move to newly active unit with message “Put Request Failed: 429”

1.5 Azure network interface in Failed status after failover

1.6 Secondary IP(s) of Azure Network Interface(s) do not move to newly active unit due to “Failed to get Azure Access Token”

2. IPsec VPN

2.1 IKE Phase-1 negotiation failure due to missing identification

2.2 Throughput across IPsec tunnel is limited to 600 Mbps

2.3 IPsec tunnel is down due to IKE Phase-1 failures

3. Routing & NAT

3.1 Unable to reach specific destination/subnet within Azure

3.2 Return traffic is not seen on PA-VM

4. Miscellaneous

4.1 PA-VM integration with Azure Security Center not working

4.2 PA-VM stuck in MAINT mode

4.3 Latency through PA-VM with counter 'pkt_tp_status_def' and 'pkt_sent_dev_err'

4.4 Health probe failure on Load Balancer

5. Bootstrapping

5.1 PA-VM deployed through bootstrapping not getting license

5.2 Bootstrapping is failing for PA-VM deployed in Azure because of DNS issue

5.3 Bootstrapping is failing for PA-VM deployed in Azure because of Internet issue