none
ExpressRoute BGP Routing through Palo Alto Firewall RRS feed

  • Question

  • Hello,

    I am wondering if anyone has setup a BGP Private Peering connection to Azure via ExpressRoute using a Palo Alto Firewall - Model PA-3020. I have setup BGP on my end but am unable to ping the Azure Edge Router from the firewall. I have an active status on the BGP on my firewall.

    I'm using a Cloud Exchange type of ExpressRoute, so my ISP routes me to Equinix and then to Azure.

    The portal is showing that is connected I believe blue/green connection bar on my VNET.

    Tuesday, March 1, 2016 4:29 PM

Answers

  • Hello John,

    Thank you for contacting us. It looks like the status on the portal shows as connected on the portal.

    Is this a new setup or was it working fine before?

    Did you get the routes from Azure and are you advertising the routes from your end.

    Could you please send me some route info on your router to see if the routes are advertised properly or not?

    Regards,

    Dipin Mathew.

    Wednesday, March 2, 2016 12:22 PM

All replies

  • Hello John,

    Thank you for contacting us. It looks like the status on the portal shows as connected on the portal.

    Is this a new setup or was it working fine before?

    Did you get the routes from Azure and are you advertising the routes from your end.

    Could you please send me some route info on your router to see if the routes are advertised properly or not?

    Regards,

    Dipin Mathew.

    Wednesday, March 2, 2016 12:22 PM
  • Hi,

    I'm interested in this query too.

    We have done a design here in Australia where we used a cloud exchange provider (Megaport) to connect a customer to Microsoft ExpressRoute for using O365 services. The idea is the actual Megaport service will be physically connected to their core switches with a Q-in-Q hand-off, but the actual eBGP peering will be performed on their Palo Alto firewalls. Do you know if this is a supported solution? Apparently Palo Alto is saying that is not a known Microsoft or Palo Alto supported solution.

    Thanks.

    Sunday, July 31, 2016 10:47 PM
  • Did you ever get a solution here as I am looking to do exactly the same - QinQ handoff on my Cisco core device with routing performed on the PaloAlto's.

    Super keen to hear any feedback !

    Thanks

    Thursday, August 31, 2017 10:25 AM
  • Did you ever get a solution here as I am looking to do exactly the same - QinQ handoff on my Cisco core device with routing performed on the PaloAlto's.

    Super keen to hear any feedback !

    Thanks

    About to implement the same solution in our environment, would love to hear some feedback (since 2017...) thank you for your time!
    Monday, September 16, 2019 3:17 PM