You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/partner-solutions/palo-alto/palo-alto-application-gateway.md
+1-9Lines changed: 1 addition & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,8 +24,6 @@ For web applications, you benefit from using Application Gateway as both a rever
24
24
25
25
Application Gateway also offers WAF capabilities to look for patterns that indicate an attack at the web application layer. For more information about Application Gateway features, see the [service documentation](/azure/application-gateway).
26
26
27
-
:::image type="content" source="media/palo-alto-app-gateway/palo-alto-app-gateway.png" alt-text="Diagram that shows a high-level architecture with Application Gateway.":::
28
-
29
27
Cloud NGFW for Azure supports two deployment architectures:
30
28
31
29
- Hub-and-spoke virtual network
@@ -41,8 +39,6 @@ Application Gateway is deployed in a dedicated virtual network with a front end
41
39
42
40
Similar to spoke virtual networks, the Application Gateway virtual network must be peered with the hub virtual network to ensure that the traffic can be routed toward the destination spoke virtual network.
43
41
44
-
:::image type="content" source="media/palo-alto-app-gateway/palo-alto-app-gateway-vnet.png" alt-text="Diagram that shows a Cloud NGFW for Azure architecture with Application Gateway in a hub-and-spoke virtual network deployment.":::
45
-
46
42
To force incoming web traffic through the Cloud NGFW for Azure resource, you must create a user-defined route and associate it with the Application Gateway subnet. The next hop in this case is the private IP address of Cloud NGFW for Azure. You can find this address by selecting **Overview** from the resource menu in the Azure portal.
47
43
48
44
:::image type="content" source="media/palo-alto-app-gateway/palo-alto-resource.png" alt-text="Screenshot that shows the Cloud NGFW for Azure view in the Azure portal.":::
@@ -63,8 +59,6 @@ Securing a virtual WAN hub by using a Palo Alto Networks software as a service (
63
59
64
60
You must configure a routing intent and a routing policy to use a Cloud NGFW for Azure resource as a next hop for public or private traffic. Any connected spoke virtual network, VPN gateway, or Azure ExpressRoute gateway then gets the routing information to send the traffic through the Cloud NGFW for Azure resource.
65
61
66
-
:::image type="content" source="media/palo-alto-app-gateway/palo-alto-app-gateway-vwan.png" alt-text="Diagram that shows a Cloud NGFW for Azure architecture with Application Gateway in a virtual WAN hub deployment.":::
67
-
68
62
By default, the virtual network connection to the hub has the **Propagate Default Route** option set to **Enabled**. This setting installs a 0.0.0.0/0 route to force all nonmatched traffic sourced from that virtual network to go through the virtual WAN hub. In this topology, this setting would result in asymmetric routing because the return traffic proxied by Application Gateway would go back to the virtual hub instead of the internet. When you're connecting the Application Gateway virtual network to the virtual WAN hub, set this attribute to **Disabled** to allow the Application Gateway-sourced traffic to break out locally.
69
63
70
64
:::image type="content" source="media/palo-alto-app-gateway/palo-alto-virtual-connection.png" alt-text="Screenshot that shows virtual network connections for a virtual WAN.":::
@@ -75,9 +69,7 @@ In some cases, disabling the default route propagation might not be desirable. A
75
69
76
70
:::image type="content" source="media/palo-alto-app-gateway/palo-alto-route-table.png" alt-text="Screenshot that shows an Azure route table.":::
77
71
78
-
You can locate the next hop IP address of Cloud NGFW for Azure by viewing the effective routes of a workload in a spoke virtual network. The following example shows the effective routes for a virtual machine network interface.
79
-
80
-
:::image type="content" source="media/palo-alto-app-gateway/palo-alto-effective-routes.png" alt-text="Screenshot that shows effective routes for a spoke virtual machine.":::
72
+
You can locate the next hop IP address of Cloud NGFW for Azure by viewing the effective routes of a workload in a spoke virtual network.
Copy file name to clipboardExpand all lines: articles/partner-solutions/palo-alto/palo-alto-create.md
-10Lines changed: 0 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -37,8 +37,6 @@ In this section, you see how create a Palo Alto Networks resource.
37
37
38
38
1. Use the dropdowns to set the **Virtual Network**, **Private Subnet**, and Public **Public Subnet** associated with the Palo Alto Networks deployment.
39
39
40
-
:::image type="content" source="media/palo-alto-create/palo-alto-networking.png" alt-text="Screenshot of the networking pane in the Palo Alto Networks create experience.":::
41
-
42
40
1. For **Public IP Address Configuration**, select either **Create New** or **Use Existing** and type in a name for **Public IP Address Name(s)**.
43
41
44
42
1. Select the checkbox **Enable Source NAT** to indicate your preferred NAT settings.
@@ -94,22 +92,14 @@ Next, you must accept the Terms of Use for the new Palo Alto Networks resource.
94
92
95
93
1. Select the **Next: Review + Create** to navigate to the final step for resource creation. When you get to the **Review + Create** page, all validations are run. At this point, review all the selections made in the Basics, Networking, and optionally Tags panes. You can also review the Palo Alto and Azure Marketplace terms and conditions.
96
94
97
-
:::image type="content" source="media/palo-alto-create/palo-alto-review-create.png" alt-text="Screenshot of Review and Create resource tab.":::
98
-
99
95
1. After reviewing all the information, select **Create**. Azure now deploys the Cloud NGFW by Palo Alto Networks.
1. Once the create process is completed, select **Go to Resource** to navigate to the specific Cloud NGFW by Palo Alto Networks resource.
106
100
107
-
:::image type="content" source="media/palo-alto-create/palo-alto-deploy-complete.png" alt-text="Screenshot of a completed Palo Alto Networks deployment.":::
108
-
109
101
1. Select **Overview** in the Resource menu to see information on the deployed resources.
110
102
111
-
:::image type="content" source="media/palo-alto-create/palo-alto-overview-essentials.png" alt-text="Screenshot of information on the Palo Alto Networks resource overview.":::
112
-
113
103
## Next steps
114
104
115
105
-[Manage the Palo Alto Networks resource](palo-alto-manage.md)
Copy file name to clipboardExpand all lines: articles/partner-solutions/palo-alto/palo-alto-manage.md
-2Lines changed: 0 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -20,8 +20,6 @@ Once your Cloud NGFW by Palo Alto Networks resource is created in the Azure port
20
20
21
21
From the Resource menu, select your Cloud NGFW by Palo Alto Networks deployment. Use the Resource menu to move through the settings for your Cloud NGFW by Palo Alto Networks.
22
22
23
-
:::image type="content" source="media/palo-alto-manage/palo-alto-overview-essentials.png" alt-text="Screenshot shows the Resource menu in a red box for a Palo Alto Networks resource.":::
24
-
25
23
## Networking and NAT
26
24
27
25
1. Select **Networking & NAT** in the Resource menu.
0 commit comments