I am still pretty new to the Palo Alto product line and was hoping I can enlist the help of the community to get some feedback and possible use case scenarios for using the VM-based firewall. I am currently working on a few new branch office projects and originally planned on using the PA-500 for small offices (less than 40 users) and the PA-3020 for larger offices (40+ users with 100 max). Due to some new budget constraints, I am being asked to reduce the firewall budget. This is partially due to our IT folks deploying a 2-host VMware cluster at each of the sites, based on some hefty HP G8 servers. Hence the reason why my budget was reduced. :-)
After doing some research, I noticed that the VM edition firewalls are all rated at 1Gbps when the host machine is set up for (4) cores. There are some obvious differences between models when it comes to number of policies, sessions, etc.
My plan is, since there is going to be a VMware cluster, why not use the VM edition of the firewall running on the cluster to save some money on the appliance hardware. The use case for the cluster currently is to serve up DHCP, DNS, and possibly a domain controller. So there should be plenty of resources left over to run the firewall. My assumption is, since we will have a vCenter license, that I will probably not need to cluster the VM appliances, since if one VMware host fails, the VM will be vMotioned to the second VMware host.
Is there anyone in the community who is using the virtual edition firewalls in this fashion? If so, could you provide me some feedback on the performance and possibly some recommendations?
Some users say that vMotion is possible, but from what I know, vMotion is officially not supported, which might be interesting in a support case.
Furthermore, only HA-Lite is supported, meaning no session sync.
I would say a VM-Edition is useful for controlling traffic inside a datacenter or something similar, but for security reasons I would never use a VM as a perimeter.
The use case of remote or branch office is not the anticipated one for the VM series Palo Alto. This is designed as a solution to put a firewall inside VMware hosts at a data center to secure communications between virtual machines inside a host.
As a result, there are some shortcomings for your deployment scenario.