Scaling at the Speed of Traffic: New AWS Autoscaling and Automation for VM-Series


Cloud infrastructure expects seamless scaling, but the reality for security appliances has often been more complex. Whether you’re managing a sudden traffic surge or recovering from an unexpected instance failure, the speed at which your firewall can join or leave the network is critical to maintaining both application availability and budget efficiency.

 

To address these challenges, we are introducing two significant updates to the VM-Series on AWS: native Warm Pool integration and the Panorama Delicensing Manager. Together, these features streamline the lifecycle of your software firewalls from initial boot to final decommissioning.

 

The Challenge: The "Scale Gap"

 

Historically, autoscaling firewalls has involved two primary operational hurdles:

 

  1. The Boot Time Penalty: Traditional firewall initialization can often take over 15 minutes. To compensate for this delay, customers frequently have to set scaling thresholds lower so that capacity is available before a surge peaks, which leads to over-provisioning.
  2. License Entitlement Lag: When an instance scales in or fails, reclaiming the FW FLEX license has often required manual intervention or waiting for sporadic timeouts. This "stuck" license ties up credits that could be used elsewhere in the environment.

 

The Solution: Closing the Lifecycle Loop

 

1. Faster Scale-Out with AWS Warm Pools

 

By integrating with AWS Warm Pools, VM-Series instances can now reside in a "pre-initialized" state. This effectively moves the heavy lifting of the boot process out of the critical path of a scaling event.

 

  • 90-Second Readiness: New instances can now be ready to inspect traffic within 90 seconds of a scale-out trigger when the Warm Pool uses the "warm running" state.
  • Optimized Credit Use: Instances sitting in a Warm Pool are marked as "Allocated" but not "Consumed." Credits are only fully applied once the instance is pulled into active service.

 

2. Automated Cleanup with the Delicensing Manager

 

Reclaiming credits is now handled by the Delicensing Manager (DM), a new configuration object within Panorama that synchronizes your license pool with your AWS Auto Scaling Groups (ASGs).

 

  • 15-30-Minute Recovery: The DM monitors AWS lifecycle events. When an ASG terminates an instance or an instance fails a health probe, the DM reclaims the license and returns the credits to your pool within 30 minutes.
  • Resilient Failure Recovery: Because the DM communicates directly with AWS APIs, it can de-license a firewall even if the instance has suffered a kernel-level failure that would otherwise prevent the firewall from communicating its status.
  • Management Hygiene: The DM can be configured to automatically remove terminated firewalls from Panorama Device Groups and Template Stacks, reducing the manual effort required to keep your security console up to date.
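
To check that licenses really do come back within the 30-minute window described above, the following added example (not Palo Alto Networks code) compares Auto Scaling termination events against the set of instances still holding a license. The event fields follow the EventBridge format for Auto Scaling events; the ASG name, instance IDs and the licensed-instance export are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

RECLAIM_WINDOW = timedelta(minutes=30)  # upper bound stated in the post
TERMINATED = "EC2 Instance Terminate Successful"  # EventBridge detail-type

def _event(kind, when, iid, asg="vmseries-asg"):
    """Build a constructed EventBridge-style Auto Scaling event (trimmed fields)."""
    return {"source": "aws.autoscaling", "detail-type": kind, "time": when,
            "detail": {"AutoScalingGroupName": asg, "EC2InstanceId": iid}}

# Constructed sample data; ASG names and instance IDs are placeholders.
EVENTS = [
    _event(TERMINATED, "2024-01-01T09:00:00Z", "i-0ddd"),
    _event(TERMINATED, "2024-01-01T10:00:00Z", "i-0aaa"),
    _event(TERMINATED, "2024-01-01T10:40:00Z", "i-0bbb"),
    _event("EC2 Instance Launch Successful", "2024-01-01T10:41:00Z", "i-0ccc"),
    _event(TERMINATED, "2024-01-01T09:30:00Z", "i-0eee", asg="other-asg"),
]
# Hypothetical export of instance IDs that still hold a license.
LICENSED = {"i-0aaa", "i-0bbb", "i-0ccc", "i-0eee"}
NOW = datetime(2024, 1, 1, 11, 0, tzinfo=timezone.utc)

def parse_time(stamp):
    """Parse the UTC timestamp format used in the event 'time' field."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def terminated_at(events, asg):
    """Map instance ID -> latest termination time for one ASG."""
    seen = {}
    for ev in events:
        detail = ev.get("detail", {})
        if (ev.get("source") != "aws.autoscaling"
                or ev.get("detail-type") != TERMINATED
                or detail.get("AutoScalingGroupName") != asg):
            continue
        when = parse_time(ev["time"])
        iid = detail["EC2InstanceId"]
        seen[iid] = max(when, seen.get(iid, when))
    return seen

def stuck_licenses(events, licensed, asg, now):
    """Instances terminated longer ago than RECLAIM_WINDOW that are still licensed."""
    gone = terminated_at(events, asg)
    return sorted((iid, now - when) for iid, when in gone.items()
                  if iid in licensed and now - when > RECLAIM_WINDOW)

if __name__ == "__main__":
    for iid, age in stuck_licenses(EVENTS, LICENSED, "vmseries-asg", NOW):
        print(f"{iid}: terminated {age} ago, license not reclaimed")
```
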



