Public Load balancer Not Passing Traffic To Firewalls For Ports tcp8443 And tcp21

Joseph Peters 0 Reputation points
2025-02-12T11:49:35.4733333+00:00

Hi All

Very strange issue: we have a public load balancer that has been operational for a few years. It has rules allowing TCP port 5500 and UDP port 1812, the firewall behind it is working as intended, the NSG on the external subnet facing the LB has explicit rules, and routing in front of and behind the firewalls is fine.

Yet I've added LB rules for ports 8443 and 21 for testing, added rules and virtual mapping on the Fortigate firewalls, but I see no traffic for these ports between the LB and the firewalls. I would expect to see the ports at least hitting the firewall and being denied, but I see nothing.

Probes are all healthy.

Pulling my hair out with this one.

Azure Load Balancer

2 answers

  1. Alex Burlachenko 1,190 Reputation points
    2025-02-12T12:02:41.86+00:00

    Hi, looks like your load balancer just isn't passing traffic on ports 8443 and 21, even though everything else is working fine.

    Check the LB rules and backend pool and make sure the rules for 8443 and 21 are actually in place, and that the firewalls are properly in the backend pool. NSG rules: double-check that your NSG isn't blocking traffic on these ports (both inbound and outbound).

    Check the Fortigate firewall: you need to check the NAT and firewall policies; maybe the traffic is being dropped there. UDR: if you've got custom routes, confirm they're pointing traffic in the right direction. As for Azure logs, try to enable NSG flow logs and load balancer monitoring to see if the traffic is even getting through.

    rgds,

    alex


  2. Praveen Bandaru 515 Reputation points Microsoft Vendor
    2025-02-14T19:08:27.38+00:00

    Hello Joseph Peters

    Greetings!

    In addition to the solution provided above by Alex Burlachenko, I wanted to add a few more details.

    Please open the load balancer, select the Monitoring tab in the left blade of the Azure portal, click on the Insights option, and check the backend pool availability; in the Metrics option you will also find the health probe status.

    Ensure that the backend pool is listening on the health probe ports.

    Additionally, you need to check the NSG configuration to see if these ports are allowed or not.


    I hope this has been helpful!

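Both answers come down to the same two checks: is there a load-balancing rule for the frontend port at all, and does the NSG on the subnet facing the load balancer admit a public client on that port before any deny rule (Alex's first two points and Praveen's last one). The script below is an added example, not code from either answer or from Microsoft. It runs those checks offline over constructed JSON shaped like the output of `az network lb rule list`, `az network lb probe list` and `az network nsg rule list --include-default`; the rule names, priorities, ports and the placeholder client address in it are assumptions chosen to show two ways a port can look configured yet carry no traffic.

```python
import ipaddress
import json

# Constructed sample data shaped like `az ... -o json` output (assumed, not taken
# from the poster's environment). Port 8443 has an LB rule and an NSG allow, but the
# allow sits behind a broader deny; port 21 has no LB rule at all.
LB_RULES = json.loads("""[
 {"name": "rule-tcp-5500", "protocol": "Tcp", "frontendPort": 5500, "backendPort": 5500,
  "probe": {"id": "/lb/probes/probe-tcp-5500"}},
 {"name": "rule-tcp-8443", "protocol": "Tcp", "frontendPort": 8443, "backendPort": 8443,
  "probe": {"id": "/lb/probes/probe-tcp-5500"}}
]""")
PROBES = json.loads('[{"name": "probe-tcp-5500", "protocol": "Tcp", "port": 5500}]')
NSG_RULES = json.loads("""[
 {"name": "allow-tcp-5500", "priority": 100, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "5500"},
 {"name": "deny-internet-catchall", "priority": 200, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRange": "*"},
 {"name": "allow-tcp-8443", "priority": 300, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "8443"},
 {"name": "AllowAzureLoadBalancerInBound", "priority": 65001, "direction": "Inbound",
  "access": "Allow", "protocol": "*", "sourceAddressPrefix": "AzureLoadBalancer",
  "destinationPortRange": "*"},
 {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")

def _list_field(rule, single, plural):
    """az emits either a single string field or a list field; normalise to a list."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return values

def port_matches(port, ranges):
    """NSG port syntax is "*", "8443" or "8000-9000"."""
    for r in ranges:
        if r == "*":
            return True
        lo, _, hi = r.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def source_matches(rule, client_ip):
    """The client is assumed to be a public address: it matches "*", the Internet tag,
    or a CIDR containing it. VirtualNetwork/AzureLoadBalancer tags never describe it."""
    ip = ipaddress.ip_address(client_ip)
    for p in _list_field(rule, "sourceAddressPrefix", "sourceAddressPrefixes"):
        if p in ("*", "Internet"):
            return True
        try:
            if ip in ipaddress.ip_network(p, strict=False):
                return True
        except ValueError:
            pass  # some other service tag, never a public client
    return False

def nsg_verdict(nsg_rules, proto, port, client_ip="203.0.113.10"):
    """First match in ascending priority order, as the NSG engine evaluates rules.
    The destination prefix is assumed to cover the backend, so it is not tested."""
    for r in sorted((r for r in nsg_rules if r["direction"] == "Inbound"),
                    key=lambda r: r["priority"]):
        if r["protocol"] != "*" and r["protocol"].lower() != proto.lower():
            continue
        if port_matches(port, _list_field(r, "destinationPortRange", "destinationPortRanges")) \
                and source_matches(r, client_ip):
            return r["access"], r["name"]
    return "Deny", "(no matching rule)"

def lb_rule_for(lb_rules, probes, proto, port):
    """Find the load-balancing rule for a frontend port and resolve its probe's port."""
    for rule in lb_rules:
        if rule["protocol"].lower() == proto.lower() and rule["frontendPort"] == port:
            probe_name = rule["probe"]["id"].rsplit("/", 1)[-1] if rule.get("probe") else None
            probe = next((p for p in probes if p["name"] == probe_name), None)
            return {"rule": rule["name"], "backendPort": rule["backendPort"],
                    "probe": probe_name, "probePort": probe["port"] if probe else None}
    return None

def diagnose(proto, port, lb_rules=LB_RULES, probes=PROBES, nsg_rules=NSG_RULES):
    """Both checks for one frontend port, as a dict plus human-readable findings."""
    findings = []
    lb = lb_rule_for(lb_rules, probes, proto, port)
    if lb is None:
        findings.append(f"no LB rule for {proto}/{port}: nothing is forwarded")
    else:
        findings.append(f"LB rule {lb['rule']} -> backend port {lb['backendPort']}, "
                        f"probe {lb['probe']} on port {lb['probePort']}")
        if lb["probePort"] != lb["backendPort"]:
            findings.append("a healthy probe here only proves the probe port answers")
    access, name = nsg_verdict(nsg_rules, proto, port)
    findings.append(f"NSG inbound from a public client: {access} by {name}")
    return {"lb": lb, "nsg": (access, name), "findings": findings}

if __name__ == "__main__":
    for proto, port in (("Tcp", 5500), ("Tcp", 8443), ("Tcp", 21)):
        print(f"{proto}/{port}:", *diagnose(proto, port)["findings"], sep="\n  ")
```

Two points worth keeping in mind when reading the output. NSG rules are evaluated first-match in ascending priority, so an allow added at a higher number than an existing catch-all deny never fires even though the portal shows it as present. And health probes arrive from the AzureLoadBalancer service tag (168.63.129.16), not from the client's address, so a green probe status says nothing about whether Internet-sourced traffic on the data port is admitted; when the new rule reuses an existing probe, it says nothing about the new backend port either. To run this against a real environment, replace the three constants with `json.load()` of the saved `az` output.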

