Help Needed: NAT & Security Policy Configuration for Azure LB → Palo Alto → DMZ Webserver (Public IP)

Hello Team,

Goal:
I want to access the DMZ Webserver (Public IP) via the Azure Load Balancer Public IP.

Current Setup:

• Azure Public Load Balancer is created with Frontend IP, Backend Pool, and Health Probe.

• Palo Alto Firewall VM is added to the backend po

Multi-Zone PA-VM in Azure using different Front-End IP

I'm trying to come up with a architecture design using PA-VM in Azure on a Transit-VNET. I'm familiar with the reference architecture but this limits me to only Trust & Untrust zone. I also understand that doing PA-VM in cloud recommends using Azure

AWS GWLB with secondary appliance in chain

I'm working with a dedicated inspection VPC+GWLB for the first time. I have the TGW, GWLB, and general routing working with just the Palo in play. East west traffic from vpc1 to vpc2 is correctly going into the inspection VPC and I can see the traffi

SSH certificate authentication

Hi,

I wanted to know if it is possible to require SSH certificate authentication as opposed to password authentication when doing a SSH logging into azure-hosted VM-series virtual firewalls? If this is possible, where can I find documentation that ad

Source NAT (DIP or DIPP) using a pool of addresses

I want to use source NAT going outbound across a pool of addresses.  Is it possible to do distribution across the pool of addresses in round-robin fashion?  In my testing with initiating connections from a single host, it is persisting with the same

AWS IPSec tunnel active/active HA with BGP

Looking for some help here.  I have an ongoing case with support concerning AWS tunnel issues.  My production FWs are active/active but not in sync.  Just always been that way, it's the way I inherited it.  I have 4 tunnels to AWS (2 on each FW) BGP

VM-seires sizing on AWS and Azure

hello experts, 

Plan to implement VM FW on AWS and Azure.

Gone through the credit calculator

https://www.paloaltonetworks.com/resources/tools/ngfw-credits-estimator

Just wondering how many vCPU is required.

Except throughput, CDSS and number of GW, w

vm-series on Azure with hyperthreading disabled

By default VMs on Azure will run with hyperthreading enabled. It seems possible to run with hyperthreading disabled on Azure, and running vm-series with hyperthreading disabled is in fact recommended on other virtualization platforms.

Is anyone run

AVD VMs Unavailable When Traffic Passes Through Palo Alto Firewall

Hi All,

We’re facing an issue where AVD VMs show as unavailable when routed through the Palo Alto firewall. Required URLs and services are already whitelisted as per Microsoft documentation. Even with an ANY-ANY rule and no security profiles, the iss

Unable to connect log collector to panorama

I have a panorama VM running on Azure, I am currently trying to bring up some log collector VMs also on azure to handle the logs of my firewalls.

I have been able to deploy the log collectors, but when I add the log collector to the panorama through

PANW aws vm-series ipsec tunnel ip /30 Tunnel interface

Question on aws vm series ipsec tunnel ip /30 Tunnel interface

Hello Livecommunity, how is it going? I hope it's going well

I have a doubt, thinking in vmseries on Amazon, where from the virtual stick arme several ipsec tunnels site to sire eit

Firewalls in Active Active using Azure Internal Load balancer

Hi, we have deployed Palo-alto firewalls on Azure and a Standard Internal Load Balancer with single front-end IP and single backend pool, does LB maintain session state if -

(1) communication is sourced from Azure VNET destined to On-premise ?

(2) co

unable to loing kvm and esxi vm series

we are facing the challenge to deply vm-series 30 days trial series in our virtual environment. need support.

palo alto cfg.general.need-acknowledgement-to-login no_matches

Palo Alto VM-Series in Azure DMZ - AVS

 Okay see if I can word this as best as possible. I made up the network IP addresses for this diagram.

We are in the progress of migrating one of our on-prem DC to the Azure public Cloud.  Obstacle we are facing is with how the DMZ will look and wo