Azure

VM-Series on Azure Deployment Resources

Welcome to the Palo Alto Networks VM-Series on Azure resource page. This area provides information about VM-Series on Microsoft Azure to help you get started or find advanced architecture designs and other resources to help accelerate your VM-Series deployment. Engage the community and ask questions in the discussion forum below.

How to Videos and Tutorials

Templates, Scripts and Deployment Resources

Terraform Template that deploys a two-tier containerized application on AKS secured by VM-Series

Uses a Terraform template to deploy (2) two-tiered containerized applications (Guestbook app and a WordPress server) within an AKS cluster that is protected by the VM-Series in an Application Gateway/Load Balancer sandwich.

Palo Alto Networks Community Supported

Azure-FW-4-Interfaces

Deploys a VM-Series with 4 interfaces into an existing Microsoft Azure environment.

Palo Alto Networks Community Supported

Azure-FW-3-Interfaces

Deploys a VM-Series with 3 interfaces (1-MGMT and 2-Dataplane) into an existing Microsoft Azure environment.

Palo Alto Networks Community Supported

Multiple Azure interface variations

Several ARM templates for the VM-Series with varying options including multiple interfaces.

Palo Alto Networks Community Supported

Azure-2-Firewalls-Public-Load-Balancer

Deploys a Public Azure Load Balancer in front of 2 VM-Series firewalls with the following features:

  • The 2 firewalls are deployed with 4-8 interfaces. 1 MGMT and 3-7 data plane.
  • Static IP addresses are assigned to the interfaces based on the input in the starting ip address fields.

Note: This template deploys into existing VNETs and storage accounts within the same region. As a result, the storage account and VNET must be created before deploying this template.

Palo Alto Networks Community Supported

Managed Scale and Resiliency for the VM-Series on Microsoft Azure

An ARM template that deploys two VM-Series firewalls between a pair of Azure load balancers to deliver managed scale and high availability for internet facing applications.

Using VM-Series Firewalls to Secure Internet-Facing Web Workloads

This template creates a highly available VM-Series security solution for Azure for both inbound traffic and outbound traffic. It uses VM-Series firewall pairs coupled with Azure load balancers for a fully redundant security solution.

Auto Scaling the VM-Series-firewall on Azure v1.0

Templates and scripts that deploy Azure Load Balancers and the VM-Series firewalls to deliver security for internet facing applications. Allows for protecting of new or existing workloads.

Azure Transit VNet with the VM-Series

Deploys a Hub and Spoke architecture to centralize commonly used services such as security and secure connectivity. All traffic to and from the Spokes will 'transit' the Hub VNet and will be protected by the VM-Series next generation firewall.

Azure Transit VNET architecture with auto scaling VM-Series in application spoke

Deploys a Hub and Spoke architecture to centralize commonly used services such as security and secure connectivity. All traffic to and from the Spokes will 'transit' the Hub VNET and will be protected by the VM-Series next generation firewall. Version 1.1 adds ability to do auto scaling for VM-Series to protect Internet facing applications running in a spoke VNET.

Two tier application environment protected by VM-Series

ARM template that deploys a two-tiered web/DB application environment secured by a VM-Series firewall. Template includes relevant User-Defined Route (UDR) tables to send all traffic through the VM-Series firewall.

Terraform two tier application environment protected by VM-Series

A Terraform Template that deploys two-tiered web/DB application environment secured by a VM-Series firewall.

Palo Alto Networks Community Supported

Azure VM Monitoring

Python script that harvests Azure VM properties and publishes them as IP-tag mappings that can be used in a Dynamic Address Group.

Join a Discussion and get your Questions Answered

Have questions? Join the Live Community to post your questions and get answers.
Author Topic Views Replies
4 hours ago

Second Public IP for VM-300 hosted in Azure

Hi everyone, our PAN NIC in Azure looks like this Primary IP: 192.168.1.4/1.1.1.1 Secondary IP: 192.168.1.8/1.1.1.2. On the Vm-300 inte...

68 2
Thursday

Downgrading from PANOS-9.1.0-h3 to 9.0.4 -- access fails, logon

After Downgrading from PANOS-9.1.0-h3 to PANOS 9.0, in Azure, VM100 fails to accept logon. I've tried twice. Once to base 9.0 and another to 9.0.4 wit...

255 4
2 weeks ago

Ultimate Test Drive (UTD) - Get “Hands On” With the VM-Series on Google Cloud Platform (GCP)

As we continue with our efforts to improve and enhance the public cloud UTDs, a new version of Google Cloud Platform (GCP) UTD focused on how VM-Serie...

112 0
2 weeks ago

Ultimate Test Drive (UTD) - Get “Hands On” With the VM-Series on Microsoft Azure

As we continue with our efforts to improve and enhance the public cloud UTDs, a new version of Azure UTD focused on VM-Series firewall in Azure is now...

119 0
02-26-2020

More info on HA in Azure?

The documentation seems a bit light on detail. I have created a Service Principle in Azure and entered the data into my two firewalls as per these doc...

326 1
01-27-2020

Impossible to connect to panorama on Azure - Login prompt doesn't appear

Hello Everyone,  How are you?  I have a big problem with my panorama.  Context:  I have set up a Panorama on A...

342 0
02-07-2020

Azure bootstrap - indirect internet access

Hello, We are in the process of bootstrapping our ELA-licensed VM-series firewalls for use in Azure. The firewalls will not have internet access ...

517 1

Note: In order to view ALL of the articles in this section and to engage in discussions on this platform, you must register for an account on Live Community. Some articles may not be viewable to unregistered users.

Register for a Live Community account

Customer Support Portal Resource

Note: In order to create a case, please create or active an account and register your device, which can be done in the Customer Support Portal. This area provides product support for all Palo Alto Networks Customers.

Login to the Customer Support Portal