No network connectivity after successful Azure Active Passive HA failover

Created On 01/13/21 14:43 PM - Last Modified 08/20/25 20:29 PM


Symptom


  • Azure Active/Passive HA failover completes successfully.
  • The floating IP addresses are correctly moved over from FW1 to FW2 with no error.
  • Flow basic shows successful packet transmission and 3-way handshake completion.
  • Although all of the above looks correct, the Azure tenant cannot reach the internet.
  • A GlobalProtect (GP) client can log on to the GP gateway but has no connectivity.
  • Traffic seems to be lost in the Azure backend.


Environment


  • VM Series Firewalls
  • High Availability (HA) Active/Passive Setup
  • Azure Platform
  • Supported PAN-OS and Plugin versions


Cause


IP forwarding is not enabled on the Azure NICs that need to perform NAT.



Resolution


  1. Turn on IP forwarding in Azure.
  2. In the Azure console, go to VM > Network Interface > IP Configuration.
  3. Check that IP Forwarding is enabled.
  4. No reboot is required.
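
The same check can be run ahead of a failover against both HA peers. The script below is an added example, not part of the original article or any Palo Alto Networks tooling. It assumes NIC records shaped like `az network nic list -o json` output; the NIC and resource group names are constructed, and the forwarding key is matched case-insensitively because its capitalization is an assumption.

```python
import json
import shlex

# Constructed sample shaped like `az network nic list -o json` (not real output).
SAMPLE_NICS = json.loads("""
[
  {"name": "fw1-untrust", "resourceGroup": "rg-fw", "enableIPForwarding": true},
  {"name": "fw1-trust",   "resourceGroup": "rg-fw", "enableIPForwarding": true},
  {"name": "fw2-untrust", "resourceGroup": "rg-fw", "enableIPForwarding": false},
  {"name": "fw2-trust",   "resourceGroup": "rg-fw", "enableIpForwarding": true},
  {"name": "fw2-mgmt",    "resourceGroup": "rg-fw", "enableIPForwarding": false}
]
""")


def forwarding_enabled(nic):
    """Return True only if the NIC's IP-forwarding flag is present and true."""
    for key, value in nic.items():
        if key.lower() == "enableipforwarding":
            return value is True
    return False  # a missing flag is treated as disabled


def nics_missing_forwarding(nics, required):
    """Names in `required` whose NIC is absent from the list or not forwarding."""
    by_name = {n["name"]: n for n in nics}
    missing = []
    for name in sorted(required):
        nic = by_name.get(name)
        if nic is None or not forwarding_enabled(nic):
            missing.append(name)
    return missing


def remediation_commands(nics, required):
    """Build `az network nic update` commands for NICs that exist but do not forward."""
    by_name = {n["name"]: n for n in nics}
    cmds = []
    for name in nics_missing_forwarding(nics, required):
        if name in by_name:
            rg = by_name[name]["resourceGroup"]
            cmds.append("az network nic update -g %s -n %s --ip-forwarding true"
                        % (shlex.quote(rg), shlex.quote(name)))
    return cmds


if __name__ == "__main__":
    # Hypothetical set of NICs that perform NAT on both HA peers.
    dataplane = {"fw1-untrust", "fw1-trust", "fw2-untrust", "fw2-trust"}
    for cmd in remediation_commands(SAMPLE_NICS, dataplane):
        print(cmd)
```

Only the NICs passed in as required are evaluated, so the management interface in the sample is not reported.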

