Had some issues with a Palo Alto <> Azure VPN. The firewall was blocking the VPN traffic due to a rule change. Azure gives up after a while and goes into idle mode. It needs to be restarted on the Azure end.
1 - If the Azure VPN starts getting blocked by the firewall, after some time Azure gives up and goes into an idle mode. It has to be restarted on the Azure end for the VPN to try again.
2 - The ISAKMP (UDP 500) session stays open on the Palo Alto even through phase 1 re-keys. Check the session browser for your peer IP on UDP port 500; you may need to clear it.
clear session all filter destination x.x.x.x
clear session all filter source x.x.x.x
3 - Related to the above: if the rule that allows the UDP traffic is set to log at session end, you won't see the new traffic being initiated, because the existing session never closes. Set the rule to log at session start.
4 - We saw the Azure IP showing with a geolocation of "EU". I'm guessing it's related to their HA.
show location ip x.x.x.x