Azure Load Balancer
An Azure service that delivers high availability and network performance to applications.
419 questions
Palo VM firewall drop packets behind Azure load balancer
Vanessa Xu
0
Reputation points
The topoplogy is
spoke subnet ---> Aure LB ---> 2x Palo VM firewalls -> express route --> on-prem Palo firewall --> on-prem server
user at spok subnet send files to onprem is very slow. we did iperf test from a subnet in the spoke vnet to an onprem test server. There are drops on both of the firewalls that behind the LB. The dropped packets are normal tcp ack, fin-ack, rst ack cwr, and tcp retrsnmission.
we did another iperf test from a different subnet in the same spoke vnet and skip the Azure LB , just go through one of the Palo vm firewall. Then there is no drops on this Palo firewall.
also, there is no drop on the on-prem palo firewall.
what could cause the drop on the palo vm firewalls when behind the Azure LB? could anyone help? Thank you!
{count} votes
-
KapilAnanth-MSFT 39,446 Reputation points Microsoft Employee2024-07-04T04:34:06.3633333+00:00 Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
Can you please confirm how exactly are you identifying there is a packet drop at the Azure Palo Alto Firewall NVAs?
- Are you saying the packets never reached the Azure Palo Alto Firewall NVAs?
- Or they are reaching the Azure Palo Alto Firewall NVAs and are dropped after that.
Cheers,
Kapil
Sign in to comment