Public IP address for Azure Cluster does not fail over when Nat Rule is configured on Azure Load Balancer in CloudGuard (vSEC) for Azure environment

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk125435
Technical Level
Product	CloudGuard Network for Azure
Version	All
OS	Gaia
Platform / Model	Azure
Date Created	26-Apr-2018
Last Modified	03-Sep-2018

Symptoms

Public IP address for Azure Cluster does not fail over, when Nat Rule is configured on Azure Load Balancer in CloudGuard (vSEC) for Azure environment.
This issue only occurs on the Microsoft Azure for deployment template version: 20180301 and above.
The following error appears in the $FWDIR/log/azure_had.elg logs:
"RequestException: HTTP/1.1 400 Bad Request"
The following error appears in the Azure event logs for the Resource Group that the Public IP address belongs in - "Microsoft.Network/networkInterfaces/write","Failed","Error"," "

Cause

Microsoft Azure has changed the API permissions that are used for updating a Public IP address. The API calls that are made from the azure_had.py script are no longer able to make the required calls to update the Public IP address to the new active member.

Solution

Note: To view this solution you need to Sign In .