VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3528 Views
  • 0 replies
  • 0 Likes

GCP VPC Peering

Hi, We are deploying PA VM in GCP (Common Firewall Deployment Architecture). Deployment Architecture is attached. In Trust VPC we have configured Internal Load Balance (TCP), Created VPC Peering between Trust VPC & Web VPC. From Trust VPC Instance (VM) we are able to ping Web VPC Instance (VM) & Vice Versa. Web VPC Default route is...

Resolved! IKEv2 IKE SA negotiation is failed as responder, non-rekey. Failed SA

I am not sure why I am getting this IKEv2 IKE SA negotiation is failed as responder, non-rekey. Failed SA error when my customer is trying to send traffic to my VM-100 via IPSEC tunnel. This was working until yesterday but suddenly it stopped working since morning. There haven't been any changes on either side. Attached logs. ====> Failed SA...

kshukla by L1 Bithead
  • 162910 Views
  • 9 replies
  • 2 Likes

VM series firewall on AWS | subnet planning

I'm planning to deploy VM series on AWS cloud, however I need clarification on VM subnet selection. As per documentation, we have to attach 3 NICs in the VM, one each for Mgmt, WAN & LAN. My question is whether all NICs have to be in the same AZ, e.g. us-west-2a? I've designed 10.100.0.0/16 for VPC and 10.100.0.0/24, 10.100.2.0/24, 10.100.4.0/24 for 1a-,1...

GWLB deployment challenge

Dear Team, I need a suggestion before going for deployment on GWLB with PA series. Requirement: 2 PA VM series in aws behind GWLB, say PA 01 and PA 02, I want to configure IPsec with Site A but only with PA 01 and Tunnel with Site B only with PA 02. is there a way to achieve this, if yes then what will be the outbound flow from inside ...

Understanding palo alto license - VM count and vCPU

Dear Team, Our old employee has left the company and we have received below configuration from palo alto based on the requirements, Below is the spec. Install 6 VM NGFWs with 8 vCPUs, Each virtual firewall will have the following licenses: Advanced Threat Prevention, Advanced URL Filtering, Advanced Wildfire, DNS Security, Global Protect,Dat...

N-Open by L1 Bithead
  • 2604 Views
  • 1 replies
  • 0 Likes

PANOS 10.2.4 VPC endpoint to interface mapping issue

Just installed a new VM-Series Virtual NextGen Firewall w/ Threat Prevention - Bundle1 AWS. Used the "request plugins vm_series aws gwlb associate .." command to link up some Gateway load balancer endpoints with the subinterfaces. When I used the show plugins vm_series aws gwlb to check the mapping, I realized that the output randomly switch so...

KimSiah by L1 Bithead
  • 2850 Views
  • 3 replies
  • 0 Likes

Bootstrap fails when including an "all-contents" file (Azure)

I'm using the bootstrap module from here: PaloAltoNetworks/terraform-azurerm-vmseries-modules: Terraform Reusable Modules for VM-Series on Azure (github.com) When deploying the bootstrap module in Azure with both bootstrap.xml and an "all-contents" file (e.g., panupv2-all-contents-8616-7550 downloaded from the support portal), the bootstrap fa...

Certificates on Palo alto - Types to be installed

Dear members, We are going to use palo alto vm series firewall on Azure and like to take your advice on the type of certificates to be installed. The firewalls will be public facing front end by Azure application gateway. The FW will be protecting a web site running on the background. If my understanding is correct, I need 2 types of certi...

N-Open by L1 Bithead
  • 1291 Views
  • 1 replies
  • 0 Likes

Palo alto - VM series - vCPU Count

Dear members, I need your advice on the vCPU count of the Palo alto. Our old employee has left the company and we have received below configuration from palo alto based on the requirements, Below is the spec. Install 6 VM NGFWs with 8 vCPUs, Each virtual firewall will have the following licenses: Advanced Threat Prevention, Advanced URL Filteri...

N-Open by L1 Bithead
  • 1937 Views
  • 1 replies
  • 0 Likes

Resolved! VM Series FW - Traffic from Cloudflare

Dear Members, Hope you are doing well. We are looking to protect our 2 internet facing VM series firewall by using cloudflare. The plan is use the magic transit tunnel from cloudflare and pass the traffic to internet facing vm series. Once I create the magic transit tunnel at cloud flare side, what should be the end of the tunnel connected...

N-Open by L1 Bithead
  • 6554 Views
  • 5 replies
  • 0 Likes

Resolved! PA-VM in Azure - multiple Zones? (e.g. DMZ, Trust, Untrust, etc.)

(sorry for the repost but the other forums/topic areas just don't ever seem to get a response when I post there and are much less active) In the deployment guides and conversations I've had it seems that the PA-VM firewall in Azure is typically designed around only four interfaces: trust, untrust, mgmt, HA. Two zones only: Trust/Untrust. Subn...

  • 709 Posts
  • 107 Subscriptions