Hi
I am trying to play with traffic flow on a PaloAlto firewall with UDR. I created three interfaces (trusted, untrusted, dmz) in a virtual PaloAlto firewall. I also created an NSG for each interface subnet allowing RDP traffic. I have a host in the dmz subnet NATed to a public IP. That public IP is configured as a secondary IP on the untrusted interface of the firewall (not sure if it's the right way). I configured the NAT and ACL inside the firewall to allow RDP access from a specific source IP (my home PC). When I try to RDP to that dmz host, it fails. When I check the firewall log, it shows the traffic hits the firewall and it fails. When I check the Azure IP Flow tool, providing the local IP, remote IP and ports, it shows the traffic as successful. Can somebody give me some tips on how I can troubleshoot traffic flow inside Azure and nail down where it's being blocked?
When I bypass the UDR and map the dmz host directly to the public IP and try to RDP, it works just fine.