This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Start a conversation

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3503 Views
  • 0 replies
  • 0 Likes

GWLB deployment challenge

Dear Team, I need a suggestion before going for deployment on GWLB with PA series. Requirement: 2 PA VM series in aws behind GWLB, say PA 01 and PA 02, I want to configure IPsec with Site A but only with PA 01 and Tunnel with Site B only with PA 02. is there a way to achieve this, if yes then what will be the outbound flow from inside ...

Understanding palo alto license - VM count and vCPU

Dear Team, Our old employee has left the company and we have recieved below configuration from palo alto based on the requirements, Below is the spec. Install 6 VM NGFWs with 8 vCPUs, Each virtual firewall will have the following licenses: Advanced Threat Prevention, Advanced URL Filtering ,Advanced Wildfire, DNS Security, Global Protect,Dat...

N-Open by L1 Bithead
  • 2508 Views
  • 1 replies
  • 0 Likes

PANOS 10.2.4 VPC endpoint to interface mapping issue

Just installed a new VM-Series Virtual NextGen Firewall w/ Threat Prevention - Bundle1 AWS. Used the "request plugins vm_series aws gwlb associate .." command to link up some Gateway load balancer endpoints with the subinterfaces. When I used the show plugins vm_series aws gwlb to check the mapping, I realized that the output randomly switch so...

KimSiah_0-1695631865431.png
KimSiah by L1 Bithead
  • 2753 Views
  • 3 replies
  • 0 Likes

Bootstrap fails when including an "all-contents" file (Azure)

I'm using the bootstrap module from here: PaloAltoNetworks/terraform-azurerm-vmseries-modules: Terraform Reusable Modules for VM-Series on Azure (github.com) When deploying the bootstrap module in Azure with both bootstrap.xml and an "all-contents" file (e.g., panupv2-all-contents-8616-7550 downloaded from the support portal), the bootstrap fa...

Certificates on Palo alto - Types to be installed

Dear memebers, We are going to use palo alto vm series firewall on Azure and like to take your advice on the type of certificates to be installed. The firewalls will be public facing front end by Azure application gateway. The FW will be protecting a web site running on the background. If my understanding is correct, I need 2 types of certi...

N-Open by L1 Bithead
  • 1248 Views
  • 1 replies
  • 0 Likes

Palo alto - VM series - vCPU Count

Dear memebers, I need your advice on the vCPU count of the Palo alto. Our old employee has left the company and we have received below configuration from palo alto based on the requirements, Below is the spec. Install 6 VM NGFWs with 8 vCPUs, Each virtual firewall will havethe following licenses: Advanced Threat Prevention, AdvancedURL Filteri...

N-Open by L1 Bithead
  • 1880 Views
  • 1 replies
  • 0 Likes

Resolved! VM Series FW - Traffic from Cloudflare

Dear Members, Hope you are doing well. We are looking to protect our 2 internet facing VM series firewall by using cloudflare. The plan is use the magic transit tunnel from cloudflare and pass the traffic to internet facing vm series. Once i create the magic transit tunnel at cloud flare side, what should be the end of the tunnel connected...

N-Open by L1 Bithead
  • 6424 Views
  • 5 replies
  • 0 Likes

Resolved! PA-VM in Azure - multiple Zones? (e.g. DMZ,Trust,Unstrust,etc)

(sorry for the repost but the other forums/topic areas just don't ever seem to get a response when I post there and are much less active) In the deployment guides and conversations I've had it seems that the PA-VM firewall in Azure is typically designed around only four interfaces: trust, untrust, mgmt, HA. Two zones only: Trust/Untrust. Subn...

VM-Series on - Sizing, Internet traffic, Scalability Considerations

Dear Members, Hope you are doing well. We need your support for VM-series FW setup on Azure and considerations. We are planning to use 2 VM series in internet facing traffic and 2 VM series for internal traffic management. When deploying these VMs what points we need to keep in mind so that we can expand these in the future based on the tr...

N-Open by L1 Bithead
  • 1255 Views
  • 1 replies
  • 0 Likes

How to take VM series BYOL trial License?

Hello experts! I want to take a trial license for BYOL for the VM series next-generation firewall in Azure. Can you please let me know if we can have a trial license from Support? My second question is, can you provide me the link from where I can contact support for BYOL license purchasing? Thanks! Nidhi

Issues with Overlay Routing and AWS Gateway Load Balancer

Hey Folks, I am having difficulties to get Overlay routing working with AWS GWLB and I was wondering is it something that I am doing wrong or missing some configuration element... Any of you using AWS GWLB with overlay routing enabled? In my test setup when overlay routing is enabled the test VM is able to reach internet over the PAN FW - ...

SSL Forward Proxy Configuration Question

Trying to get SSL Forward Proxy configured for one of my sites and had a quick question around the configuration. For the certificate I need to put the IP address for the trust side of open flame-grilled. The problem is I am not sure which Interface IP address to use validation code... MYBKExperience All of my internal subnets and VLANs have int...

Rekey causes VPN tunnel to stop sending network traffic

Hello everybody, I'm having a weird issue with VPNs between a Palo Alto Cloud Firewall (PanOS9.1.3h) and Cisco Meraki Z3.All VPN Tunnels are established propely, but after a random period of time during the rekey step, a tunnel stays online, but network traffic can't be send anymore. We are currently having 5 of these connections with the same i...

  • 704 Posts
  • 107 Subscriptions
Latest Comments
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks