Hello @aleksandar.astardzhiev , I know that for cloud environments GARP is not possible and this why the Plugin exists so that the pulic floating ip can be changed with API requests to the cloud environment. As the deployment is for Globalprotect VPN active/passive is selected and with floating ip addresses you can do similar thing by using the just one floating IP address as seen in https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/high-availability/set-up-activeactive-ha/determine-your-activeactive-use-case/use-case-configure-activeactive-ha-with-floating-ip-address-bound-to-active-primary-firewall .
I was wondering to do something like I do for the F5 devices seen in https://github.com/F5Networks/f5-azure-arm-templates/blob/main/supported/failover/same-net/via-lb/3nic/alternate-deployment-topologies.md that uses the F5 virtual server objects that are active only on one device in HA pair, similar to the floating ip address but maybe my idea is a little non standard as most will use the Azure LB load balancing method and persistance, so that the same users go to the same firewall as in the discussion you mentioned, to make active/active without a floating ip address but I prefer to make certain that just one firewall is active.
The Palo Alto FW as a service could be nice but not from what I have checked for Globalprotect VPN deployments, also Prisma Access is still not on the table at this moment.
... View more