Azure Load Balancer Session Handover not working

Question

We have a setup were we want to protect all azure network traffic with a NVA (Firewall from a Third Party Vendor)

For Load Balancing the Vendor suggests using a Azure Standard Load Balancer with the NVAs in Backend Pool.

We have setup the Load balancer which forwards the traffic to the NVAs.

When the NVA that is handling the traffic is shut down, all new connections are running over the second NVA, so far so good.
However the traffic of existing connections with existing ports is still sent to the first NVA, which is shut down.

The Load Balancing Rule is configured as follows:

IP Version: IPv4
Frontend IP address: 10.150.0.10
Backend Pool: nva-backend-pool
High Availability ports: Active
Health probe: healthprobe-ssh (TCP:22)
Session persistance: None
Idle Timeout: 4
Enable TCP Reset: Active
Enable Floating IP: Active

We tried using different Session persistance settings, but none worked.

Thank you for your help

Answer 1

@Lukas Müller ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

This is an expected behavior.

See : Probe down behavior

• 
• A probe down signal always allows TCP flows to continue until idle timeout or connection closure in a Standard Load Balancer.

The recommendation here is to make sure the instance signals the load balancer whether or not it should receive new connections.

• See : Design guidance
• 

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil

---

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.