Azure

Welcome to the Palo Alto Networks VM-Series on Azure resource page. This area provides information about VM-Series on Microsoft Azure to help you get started or find advanced architecture designs and other resources to help accelerate your VM-Series deployment. Engage the community and ask questions in the discussion forum below.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VM-Series on Azure Deployment Resources

Welcome to the Palo Alto Networks VM-Series on Azure resource page. This area provides information about VM-Series on Microsoft Azure to help you get started or find advanced architecture designs and other resources to help accelerate your VM-Series deployment. Engage the community and ask questions in the discussion forum below.

How to Videos and Tutorials

Solution Templates on Azure

Published on Nov 6, 2024
407 views
6 likes

Deploying VM-Series from Azure Marketplace

Published on Feb 27, 2019
24,558 views
135 likes

VM-Series on Azure: Securing a Two-Tiered Application

Published on Feb 13, 2019
18,092 views
110 likes

Basic IPSec VPN Configuration with PAN-OS

Published on Feb 13, 2019
74,396 views
509 likes

VM-Series Deployment: Bootstrapping Basics

Published on Feb 27, 2019
4,799 views
27 likes

Bootstrapping the VM-Series on Azure

Published on Mar 8, 2019
2,933 views
10 likes

Note: In order to view ALL of the articles in this section and to engage in discussions on this platform, you must register for an account on LIVEcommunity. Some articles may not be viewable to unregistered users.

Register for a LIVEcommunity account

Customer Support Portal Resource

Note: In order to create a case, please create or active an account and register your device, which can be done in the Customer Support Portal. This area provides product support for all Palo Alto Networks Customers.

Login to the Customer Support Portal

Digital Learning Courses

Visit Palo Alto Networks' learning platform, Beacon, for free technical knowledge and educational resources related to all of our products.

Please note: You need to be logged into SSO in order to view this content.

Templates, Scripts and Deployment Resources

Terraform Template that deploys a two-tier containerized application on AKS secured by VM-Series

Uses a Terraform template to deploy (2) two-tiered containerized applications (Guestbook app and a WordPress server) within an AKS cluster that is protected by the VM-Series in an Application Gateway/Load Balancer sandwich.

Palo Alto Networks Community Supported

Star6
Fork6

Azure-FW-4-Interfaces

Deploys a VM-Series with 4 interfaces into an existing Microsoft Azure environment.

Palo Alto Networks Community Supported

Something went wrong...error
Star ?
Fork ?

Azure-FW-3-Interfaces

Deploys a VM-Series with 3 interfaces (1-MGMT and 2-Dataplane) into an existing Microsoft Azure environment.

Palo Alto Networks Community Supported

Something went wrong...error
Star ?
Fork ?

Multiple Azure interface variations

Several ARM templates for the VM-Series with varying options including multiple interfaces.

Palo Alto Networks Community Supported

Star5
Fork1

Azure-2-Firewalls-Public-Load-Balancer

Deploys a Public Azure Load Balancer in front of 2 VM-Series firewalls with the following features:

  • The 2 firewalls are deployed with 4-8 interfaces. 1 MGMT and 3-7 data plane.
  • Static IP addresses are assigned to the interfaces based on the input in the starting ip address fields.

Note: This template deploys into existing VNETs and storage accounts within the same region. As a result, the storage account and VNET must be created before deploying this template.

Palo Alto Networks Community Supported

Star5
Fork10

Managed Scale and Resiliency for the VM-Series on Microsoft Azure

An ARM template that deploys two VM-Series firewalls between a pair of Azure load balancers to deliver managed scale and high availability for internet facing applications.

Star28
Fork52

Using VM-Series Firewalls to Secure Internet-Facing Web Workloads

This template creates a highly available VM-Series security solution for Azure for both inbound traffic and outbound traffic. It uses VM-Series firewall pairs coupled with Azure load balancers for a fully redundant security solution.

Star4
Fork8

Auto Scaling the VM-Series-firewall on Azure v1.0

Templates and scripts that deploy Azure Load Balancers and the VM-Series firewalls to deliver security for internet facing applications. Allows for protecting of new or existing workloads.

Star17
Fork39

Azure Transit VNet with the VM-Series

Deploys a Hub and Spoke architecture to centralize commonly used services such as security and secure connectivity. All traffic to and from the Spokes will 'transit' the Hub VNet and will be protected by the VM-Series next generation firewall.

Star20
Fork37

Azure Transit VNET architecture with auto scaling VM-Series in application spoke

Deploys a Hub and Spoke architecture to centralize commonly used services such as security and secure connectivity. All traffic to and from the Spokes will 'transit' the Hub VNET and will be protected by the VM-Series next generation firewall. Version 1.1 adds ability to do auto scaling for VM-Series to protect Internet facing applications running in a spoke VNET.

Star20
Fork37

Two tier application environment protected by VM-Series

ARM template that deploys a two-tiered web/DB application environment secured by a VM-Series firewall. Template includes relevant User-Defined Route (UDR) tables to send all traffic through the VM-Series firewall.

Star122
Fork156

Terraform two tier application environment protected by VM-Series

A Terraform Template that deploys two-tiered web/DB application environment secured by a VM-Series firewall.

Palo Alto Networks Community Supported

Star152
Fork154

Azure VM Monitoring

Python script that harvests Azure VM properties and publishes them as IP-tag mappings that can be used in a Dynamic Address Group.

Star3
Fork2

Terraform, Ansible and Other Automation Resources

Palo Alto Networks Ansible Modules

Ansible modules that automate configuration and operational tasks on Palo Alto Networks physical or virtualized firewalls. The underlying protocol uses API calls that are wrapped within Ansible framework.

Palo Alto Networks Community Supported

Star230
Fork163

Provider for PAN-OS

Automates various configuration and policy aspects of the Palo Alto Networks physical or virtualized next generation firewalls and Panorama.

Palo Alto Networks Community Supported

Palo Alto Networks Repository of Terraform Templates to Secure Workloads on AWS and Azure

Terraform Templates that deploy 3-tier and 2-tier applications along with VM-Series firewalls on AWS and Azure.

The templates provided in these repositories provide best practice guidelines to deploy workloads on public cloud platforms and to secure these workloads using the VM-Series firewall.

Palo Alto Networks Community Supported

Star152
Fork154

Palo Alto Networks Device Framework

A framework for interacting with Palo Alto Networks devices (including Next-generation Firewalls and Panorama) using the device API that is object oriented and conceptually similar to interaction with the device via the GUI or CLI.

Palo Alto Networks Community Supported

Star355
Fork175

IronSkillet Templates

A set of day one configuration templates and code snippets that enable the assembly of full config files or modification of existing policies that can be used to bootstrap a firewall, imported directly to a firewall or through Panorama.

Palo Alto Networks Community Supported

PANHandler Config Templates

Enables management and sharing of full PAN-OS device configurations, or a set of configuration elements.

Palo Alto Networks Community Supported

PAN-OS Bootstrapper Archive Package

A tool to quickly build all required files to bootstrap a Pala Alto Networks NGFW device. This usually requires a customized bootstrap.xml, init-cfg.txt, and a license file. The output will be an archive package, either ISO or ZIP, with all required files fully compiled from the supplied templates and input variables.

Palo Alto Networks Community Supported

Star13
Fork10

Flexible Cloud Automation Tool (FCA)

Enables users to create public cloud templates using data about the deployment beyond architecture diagrams. FCA will deploy (and configure) the VM-Series along with all the supporting components such as, route tables, load balancers, all networking components, IPSEC tunnels, and security groups.

Star28
Fork31

Discussions

Author Topic Views Replies
02-14-2025

SSL Forward Proxy - Exclude certain IPs from decryption

Hi there, I'm running PA-VM (VM-300) version 9.1.16-h3 in Azure. I have configured response pages which work as expected. However, I cannot seem t...

241 3
02-08-2025

PAN-OS Upgrade / Downgrade procedure Contains a hyperlink

I need to rebuild an HA peer for an existing NGFW in our Azure Production environment with minimal downtime. The existing NGFW was deployed as BYOL...

152 0
02-03-2025

Commit issue

Hi Team, I am using the VM-series FWs in Azure cloud, while commit I am receiving the following error. I am trying to change the DNS servers fo...

222 1
01-30-2025

vm-series with AWS GWLB

We are to deploy vm-series in AWS with GWLB. The docs says " To ensure that the VM-Series firewall can inspect traffic that is routed between VPC ...

197 0
12-26-2024

Can VM-FW in Azure provide IPv6? Contains a hyperlink

Hello, I would like use VM-FW on Azure for IPv6?I looked at the following document. https://docs.paloaltonetworks.com/vm-series/11-1/vm-series-...

656 1
01-07-2025

Palo Alto Firewall in Azure backup

Got some PA-VM-FLEX in GCP and Azure. I could create a backup routine for the GCP ones, but, I can't complete a backup for the Azure one. Found s...

693 2
10-26-2024

Palo Alto VM series deployment in Azure Cloud

Hello Everyone, We are planning to deploy two VM series firewalls in our Azure landing zone. In our case, Palo Alto firewall is like a data c...

635 1

Blogs

Peer Address vs Peer Identification in IPSec IKE Site to Site VPN with VM Firewall in Azure Contains an image

08-03-2023 — In IPSec specifically in Phase 1 IKE, the term "peer" refers to the entity that is communicating with the local device. — Read more

Labels: Azure Cloud IPSec
22492 1 by in Community Blogs

New Cloud NGFW for Azure Page on LIVEcommunity! Contains an image Contains a hyperlink

05-03-2023 — Head to LIVEcommunity's new Cloud NGFW for Azure products page for blogs, articles, videos, and more related to this fully managed, Azure-native, NGFW service. — Read more

Labels: Azure Cloud Cloud NGFW Cloud NGFW for Azure Resources
4196 3 by in Community Blogs

3 Reasons Why You Need to Consider Cloud NGFW for Azure Contains an image Contains a hyperlink

05-02-2023 — Check out three reasons why you should consider Cloud NGFW for Azure, Palo Alto Networks fully managed, Azure-native, NGFW service. — Read more

Labels: Azure Cloud Cloud NGFW for Azure ngfw
9515 4 by in Community Blogs

VM-Series Virtual Firewalls Integrate with Azure Gateway Load Balancer Contains an image Contains a video Contains an attachment Contains a hyperlink

10-17-2022 — Azure Gateway Load Balancer helps to easily deploy, scale, and manage VM-Series firewalls referred to as Network Virtual Appliances (NVAs) in Azure. — Read more

Labels: Azure VM-Series VM-Series on Azure
10579 1 3 by in Community Blogs

Defense-in-Depth Strategy With WAF and VM-Series NGFW Contains an image Contains a hyperlink

08-25-2022 — A look at the capabilities of web application firewalls (WAS) and Palo Alto Networks' VM-Series NGFW when working together and apart. — Read more

Labels: AWS Azure Cloud ngfw VM-Series
14874 6 by in Community Blogs

Articles

Here's What You Missed — June Rewind Contains an image Contains a hyperlink

07-01-2021 — Catch up on everything the LIVEcommunity was up to during the month of June! — Read more

Labels: community news VM-Series on Azure
4709 1 by in News

Here's What You Missed - April Rewind Contains an image Contains a hyperlink

05-03-2021 — LIVEcommunity April Rewind It’s a new month so you know what that means… time for our monthly rewind! Let’s take a look back at April and see all of the exciting announcements and initiatives shared on the LIVEcommunity. It's Here - The Enhanced LIVEcommunity Experience The enhanced LIVEco... — Read more

Labels: April community Community Updates News VM-Series on Azure
4846 1 by in News

Firewall VM-Series Contains an image Contains a hyperlink

10-15-2020 — Firewall VM-Series: Overview (2 hrs) AWS (1.5 hrs) Azure (1.5 hrs) GCP (1.5 hrs) — Read more

Labels: Cloud VM-Series on AWS VM-Series on Azure
6122 1 by in Digital Learning Articles