AZURE HEROES

Set up Active/Passive Palo Alto DataCenter Firewall on Azure - Part Two

10/12/2020

In the previous post, I explained how to set up the Palo Alto VMs in the same resource group, including the network configuration and other configuration.

In this post, I will explain how to configure the active and passive nodes from the Azure side.

Take a look at the design below, which is shared on the Palo Alto portal, as we will follow almost the same design.
[Figure: Palo Alto active/passive design on Azure]
As we can see from the NIC configuration of my Palo Alto nodes below, we have:
  1. Trust Interface
  2. Untrust Interface
  3. MGMT Interface
  4. A new NIC that I have added, named "HA-Interface". Make sure to power off and stop the VM in order to add a new NIC. You can refer to this guide on how to add a new NIC.
[Screenshot: NIC configuration of the Palo Alto nodes]
A small piece of configuration must be done in Azure AD before jumping into the Palo Alto HA configuration: creating and registering an app with the right permissions so that the resource (the IP) can float between both firewall nodes. Let's do it:
1- Log in to the Azure Portal
2- Click on Azure AD
3- From App registrations > click on + New registration
4- Enter the app name; you can leave the rest of the options at their defaults. Once the app is created, make sure to write down the configuration values (highlighted in yellow) as you will use them in the Palo Alto configuration
[Screenshot: app registration overview, values to record highlighted in yellow]
5- The next step is to create a client secret: go to Certificates & secrets > Client secrets > New client secret
6- Enter the client secret description; I recommend setting the Expires value to "Never"
7- The next step is to add API permissions: from API permissions > + Add a permission > select Microsoft Graph
[Screenshot: Microsoft Graph API permissions]
8- Add the permissions as shown in the figure above
9- After that, we need to add permissions at the subscription level for the deployed app
10- Go to Home > Subscriptions
11- Access control (IAM) > + Add > Add role assignment
12- Select the Contributor role, and from Select > select the app name
13- Done.
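The two settings chosen in the steps above, a client secret that never expires and the Contributor role at subscription scope, are the ones worth re-checking once the firewall pair is in service. The following is an added example, not part of the original post: a Python check over constructed JSON shaped like the output of `az ad app credential list` and `az role assignment list` (field names as emitted by Microsoft Graph based Azure CLI versions; the one-year threshold, the far-future end date standing in for "Never", and all names and IDs are assumptions).

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data, shaped like the JSON printed by
#   az ad app credential list --id <appId>
#   az role assignment list --assignee <appId> --all
# All IDs and names are placeholders.
CREDENTIALS_JSON = """[
  {"displayName": "ha-secret-never", "endDateTime": "2299-12-31T00:00:00Z"},
  {"displayName": "ha-secret-6m", "endDateTime": "2021-04-12T09:30:00.1234567Z"}
]"""
ASSIGNMENTS_JSON = """[
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"}
]"""

BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}
MAX_SECRET_LIFETIME = timedelta(days=365)  # assumed policy threshold


def parse_utc(ts):
    """Parse a Graph timestamp; drop fractional seconds, which vary in length."""
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def audit_secrets(creds, now):
    """Names of client secrets that stay valid longer than the policy allows."""
    return [c["displayName"] for c in creds
            if parse_utc(c["endDateTime"]) - now > MAX_SECRET_LIFETIME]


def audit_assignments(assignments):
    """(role, scope) pairs where a broad role is granted above resource-group scope."""
    return [(a["roleDefinitionName"], a["scope"]) for a in assignments
            if a["roleDefinitionName"] in BROAD_ROLES
            and "/resourcegroups/" not in a["scope"].lower()]


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for name in audit_secrets(json.loads(CREDENTIALS_JSON), now):
        print(f"long-lived secret: {name}")
    for role, scope in audit_assignments(json.loads(ASSIGNMENTS_JSON)):
        print(f"broad role: {role} at {scope}")
```

To run it against a real app registration, replace the two constructed strings with the JSON saved from the two `az` commands named in the comments.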
Now we will add the new floating IP on Node 1:
1- Go to the Palo Alto VM Node 1 > select Networking
2- You will see the 4 network interfaces which we added before
3- Click on the Untrust NIC (the second NIC) > a new window will open
4- From IP configurations > click on Add
5- Enter the private floating IP name, e.g. 192.168.10.100
6- Click on Create
7- Repeat the steps for the Trust NIC as well
Note: With a floating IP address, the IP address can quickly move from the active firewall to the passive firewall during failover. You will also need HA links (a control link and a data link) to synchronize data and maintain state information between the peers, so that the passive firewall can seamlessly secure traffic as soon as it becomes the active peer.
The next step is to log in to the Palo Alto firewall and start the initial configuration, and it will be the last part :)
5 Comments

Edor ghzabli
10/13/2020 06:23:54 pm

Good explanation, waiting for part 3 👍
Kudos

Mostada Shahat
10/15/2020 01:30:23 am

Well done

zee
9/28/2022 12:28:06 pm

Thank you so much, do you have the next part please?

readaboutgirls
10/24/2022 07:16:00 pm

I reviewed your blog, it's really good. Thanks a lot for the information about this blog. I want more information.

Chino Solar Panels
5/26/2024 03:43:27 am

Awesome blog you have here



    Author

    Mohammad Al Rousan is a Microsoft MVP (Azure), a Microsoft Certified Solution Expert (MCSE) in Cloud Platform & Azure DevOps & Infrastructure, and an active community blogger and speaker. Al Rousan has over 11 years of professional experience in IT infrastructure and is very passionate about Microsoft technologies and products.
