AWS

Welcome to the Palo Alto Networks VM-Series on AWS resource page. Here you will find resources about VM-Series on AWS to help you get started with advanced architecture designs and other tools to help accelerate your VM-Series deployment. Engage the community and ask questions in the discussion forum below.
VM-Series on AWS Deployment Resources

How to Videos and Tutorials

Deploy VM Series Firewall from the AWS Market Place

Published on Jun 7, 2024
876 views
8 likes

Policy Automation using Dynamic Address Group and VM Monitoring

Published on May 9, 2023
4,626 views
24 likes

Note: In order to view ALL of the articles in this section and to engage in discussions on this platform, you must register for an account on LIVEcommunity. Some articles may not be viewable to unregistered users.

Register for a LIVEcommunity account

Customer Support Portal Resource

Note: In order to create a case, please create or activate an account and register your device, which can be done in the Customer Support Portal. This area provides product support for all Palo Alto Networks Customers.

Login to the Customer Support Portal

Digital Learning Courses

Visit Palo Alto Networks' learning platform, Beacon, for free technical knowledge and educational resources related to all of our products.

Please note: You need to be logged into SSO in order to view this content.

Templates, Scripts and Deployment Resources

Amazon GuardDuty to VM-Series Integration

Uses an AWS Lambda function to feed Amazon GuardDuty threat intelligence to the VM-Series for security policy execution.

Palo Alto Networks Community Supported

Auto Scaling the VM-Series on AWS

A set of templates and scripts that deploys an AWS Load Balancer sandwich and the VM-Series firewalls to deliver an Auto Scaling solution for securing internet facing applications.

Auto Scaling VM-Series firewalls on AWS Version 2.1

A set of templates and scripts that deploys AWS Load Balancers and the VM-Series firewalls to deliver an Auto Scaling solution for securing internet facing applications. New in this version is the ability to protect existing workloads as well as net new.

Auto Scaling GlobalProtect on AWS

A sample prototype for Auto Scaling GlobalProtect on AWS.

Palo Alto Networks Community Supported

Auto Scaling the VM-Series on AWS with Terraform

Terraform Template that deploys an AWS Load Balancer sandwich and the VM-Series firewalls to enable Auto Scaling.

Palo Alto Networks Community Supported

ALB/NLB Load Balancer sandwich for managed scale/high availability

Templates and scripts that deploy an AWS ALB/NLB Load Balancer sandwich and two VM-Series firewalls to deliver managed scale and high availability for inbound applications.

Palo Alto Networks Community Supported

Palo Alto Networks NAT Rule Updater

A process for keeping NAT rule destination IPs in sync with changing Elastic Load Balancer VIPs. A Lambda function is used to retrieve the latest ELB VIPs and updates the NAT destination IP if necessary. The process uses naming conventions and instance tagging for configuration.

Partner Community Supported

Hybrid arch/two tier application environment protected by VM-Series

Sample AWS CloudFormation Template that deploys a two-tiered web/DB application environment secured by a VM-Series firewall.

AWS two-tier sample deployed with Terraform

Terraform template that deploys a two-tier web/DB application on AWS secured by a bootstrapped VM-Series firewall.

Palo Alto Networks Community Supported

AWS two-tier sample deployed with Terraform & Ansible

Deploys a two-tiered web/DB and bootstrapped VM-Series firewall using a Terraform Template. The VM-Series is then configured using Ansible scripts.

Palo Alto Networks Community Supported

Transit VPC with the VM-Series on AWS

The AWS Transit VPC is a highly scalable architecture that provides centralized security and connectivity services. Our VM-Series integration with the Transit VPC allows for a fully automated method of securely attaching subscribing (spoke) VPCs to the transit VPC.

Palo Alto Networks Community Supported

Transit VPC Manual Build Step-by-Step Guide

Guides the user through the process of building a Transit VPC with the VM-Series. Once completed, the user will have built a Hub and 3 subscribing VPC spokes.

Palo Alto Networks Community Supported

AWS Transit Gateway – Manual Build

Step-by-step guide to deploying a Transit Gateway within a Transit VPC with the VM-Series.

Palo Alto Networks Community Supported

Transit VPC CloudFormation Template

CloudFormation Template that automates the deployment of a Transit Gateway within a Transit VPC with the VM-Series.

Transit Gateway Deployment for North/South and East/West Inspection

Terraform Template that automates the deployment of a Transit Gateway within a Transit VPC with the VM-Series.

Using User-ID to block malicious source IPs

Enables the VM-Series to block malicious source IP addresses when deployed behind a Source NAT device like an AWS ALB by feeding the X-Forwarded-For header to User-ID.

Terraform, Ansible and Other Automation Resources

Palo Alto Networks Ansible Modules

Ansible modules that automate configuration and operational tasks on Palo Alto Networks physical or virtualized firewalls. The underlying protocol uses API calls that are wrapped within the Ansible framework.

Palo Alto Networks Community Supported

Provider for PAN-OS

Automates various configuration and policy aspects of the Palo Alto Networks physical or virtualized next generation firewalls and Panorama.

Palo Alto Networks Community Supported

Palo Alto Networks Repository of Terraform Templates to Secure Workloads on AWS and Azure

Terraform Templates that deploy 3-tier and 2-tier applications along with VM-Series firewalls on AWS and Azure.

The templates provided in these repositories provide best practice guidelines to deploy workloads on public cloud platforms and to secure these workloads using the VM-Series firewall.

Palo Alto Networks Community Supported

Palo Alto Networks Device Framework

A framework for interacting with Palo Alto Networks devices (including Next-generation Firewalls and Panorama) using the device API that is object oriented and conceptually similar to interaction with the device via the GUI or CLI.

Palo Alto Networks Community Supported

IronSkillet Templates

A set of day one configuration templates and code snippets that enable the assembly of full config files or modification of existing policies that can be used to bootstrap a firewall, imported directly to a firewall or through Panorama.

Palo Alto Networks Community Supported

PANHandler Config Templates

Enables management and sharing of full PAN-OS device configurations, or a set of configuration elements.

Palo Alto Networks Community Supported

PAN-OS Bootstrapper Archive Package

A tool to quickly build all required files to bootstrap a Palo Alto Networks NGFW device. This usually requires a customized bootstrap.xml, init-cfg.txt, and a license file. The output will be an archive package, either ISO or ZIP, with all required files fully compiled from the supplied templates and input variables.

Palo Alto Networks Community Supported

Flexible Cloud Automation Tool (FCA)

Enables users to create public cloud templates using data about the deployment beyond architecture diagrams. FCA will deploy (and configure) the VM-Series along with all the supporting components such as route tables, load balancers, all networking components, IPsec tunnels, and security groups.

Discussions

Author Topic Views Replies
01-15-2025

Not able to set the PANG admin account password after enabling FIPS-CC mode

Hello, When I set up my AWS PANG to FIPS-CC mode I am not able to set the admin account password. I tested the paloaltonetworks.panos.panos_admpwd...

141 2
01-08-2025

Palo Alto VM Series Routing Problem in AWS

I am working on a greenfield proof of concept and I am running into some challenges. I am trying to get VPC A in Account A to route internet traffi...

116 0
01-08-2025

AWS Privatelink for Hub and Spoke Topology

Hi all, Need some assistance with someone who has familiarity with deploying VM-Series FW in AWS w/ AWS Privatelink....our organization currentl...

139 0
01-01-2025

Solved! Paloalto VM series ha into AWS cloud

Hi Experts, I need to update my firewall which is hosted into AWS. How can I make sure failover mode is secondary IP not interface move. I need ...

242 1
12-26-2024

Can VM-FW in Azure provide IPv6?

Hello, I would like to use VM-FW on Azure for IPv6? I looked at the following document. https://docs.paloaltonetworks.com/vm-series/11-1/vm-series-...

429 1
10-29-2024

PA-VM in AWS with Decryption Rule - server side connection kept open

Hello, running 11.1.2-h3 on AWS with decryption rule. The setup is: Windows Client --> FW --> Web-Proxy --> Internet Firewall decrypts the traffic...

439 0
09-10-2024

Vulnerability on VM Series

Hi Guys, I have a few vulnerabilities on my vm-series firewall, which is hosted in AWS, which I'm mentioning below. 1. Palo Alto Networks (PAN-OS...

862 1

Blogs

Announcing VM-Series on AWS Connected Mobility Solutions (CMS) to Protect Your Connected Vehicles

12-19-2024 — Protect what drives you – starting today with VM-Series on AWS CMS — Read more

Labels: Advanced URL Filtering AWS Next Generation Firewall software firewalls User-ID VM Series VM-Series on AWS
406 by in Community Blogs

Simplify Security in AWS with Palo Alto Networks Software Firewalls and AWS Cloud WAN Service Insertion

06-11-2024 — Announcement of integration that allows you to seamlessly insert Palo Alto Networks software firewalls (Palo Alto Networks Managed Cloud NGFW or self-managed VM-Series firewalls) to inspect inter-VPC and inter-region AWS cloud WAN traffic leveraging AW... — Read more

Labels: AWS AWS Cloud WAN Cloud NGFW Next-Gen Firewalls VM-Series
4520 by in Community Blogs

New Features in the August 2022 Cloud Integration Releases

09-20-2022 — Find out about the new features of the August 2022 Cloud Integration Release. — Read more

Labels: AWS Cisco ACI Cloud CN-Series GCP Panorama plugin
5226 1 by in Community Blogs

Defense-in-Depth Strategy With WAF and VM-Series NGFW

08-25-2022 — A look at the capabilities of web application firewalls (WAF) and Palo Alto Networks' VM-Series NGFW when working together and apart. — Read more

Labels: AWS Azure Cloud ngfw VM-Series
14270 6 by in Community Blogs

Getting Started with Prisma Cloud - “Cloud Network Analyzer”

07-27-2022 — The Cloud Network Analyzer engine on Prisma Cloud helps determine the Network exposure of your cloud assets and secure them from Network threats by providing an end-to-end path analysis. At the time of this blog, the Network Analyzer is only suppo... — Read more

Labels: AWS Azure cloud security Compute Edition Investigation Misconfiguration Network Exposure Network Perimeter Path Visibility Prisma Cloud RQL
7368 1 by in Community Blogs

Articles

Upgrading VM Series Firewalls Behind Load Balancer in AWS

09-28-2023 — This blog outlines the best practices for upgrading the VM series firewalls in AWS. — Read more

Labels: AWS Best Practices Firewall Gateway Load Balancer VM Series VM-Series VM-Series on AWS
6206 1 1 by in General Articles

Get Started with VM-Series with AWS Gateway Load Balancer - A PoC Playbook Guide

09-06-2023 — This article provides the steps to set up, demonstrate and tear down the Palo Alto Networks' VM-Series Next Generation Firewalls on AWS in integration with the AWS Gateway Load Balancer. — Read more

Labels: AWS Cloud Automation Gateway Load Balancer Security automation Terraform VM-Series VM-Series on AWS
8049 2 by in General Articles

VM-Series with Alibaba Cloud HAVIP

09-09-2021 — Alibaba Cloud recently introduced a feature called HAVIP that allows VM-Series firewalls to be deployed in active/standby mode. — Read more

Labels: Alibaba Alibaba Cloud VM-Series VM-Series on AWS
9047 1 by in General Articles

VM-Series with Alibaba Cloud CEN Transit Router

09-09-2021 — With CEN-TR, VM-Series firewalls can be deployed in a Security VPC to protect inbound, outbound and east/west traffic between a large number of VPCs on Alibaba Cloud. — Read more

Labels: Alibaba Alibaba Cloud VM-Series VM-Series on AWS
8153 1 by in General Articles

Packet Flow in the AWS Gateway Load Balancer—Outbound

06-10-2021 — A step-by-step walkthrough of a connection from a client in an AWS environment utilizing the Transit Gateway and Gateway Load Balancer to an internet-based server. — Read more

Labels: AWS Gateway Load Balancer GWLB TGW Transit Gateway VM-Series on AWS
12848 1 3 by in General Articles