VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices
  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3505 Views
  • 0 replies
  • 0 Likes

PA VM-Series syslog ingest log to Azure log analytic workspace

Hi all, may I know if anyone has had experience setting up a VM-Series FW to ingest syslog into an Azure Log Analytics workspace? Is the only way to set up a new intermediate syslog server with Azure AMA installed, so that the VM-Series sends syslog to the new syslog server and AMA ingests the logs into Log Analytics? Thanks for the help 🙂 Thank you, Meng Kiat

How to correlate AMI IDs and/or ProductCodeID with Palo Alto Bundles

Trying to figure out the ProductCodeID for each Palo Alto AMI on AWS Marketplace. On AWS, there are four of these: e9yfvyj3uag5uo5j2hjikv74n, a23dm9js55dw4ey8bzjcoq59u, 6njl1pau431dv1qxipg63mvah, hd44w1chf26uv4p52cdynb2o. On AWS GovCloud, there are six of these: e9yfvyj3uag5uo5j2hjikv74n, ds9pzkfhyprkziz6md6p6zry9, hd44w1chf26uv4p52cdynb2o, eyvc...

badnewty by L0 Member
  • 1051 Views
  • 0 replies
  • 0 Likes

Resolved! AWS NAT not coming back

Hello, I tried to set up the NAT. I can see my NAT and Security rule are being hit, but traffic is not flowing.
  • Bundle 1
  • Interface Swap (tested this with no swap too, and it didn't work)
  • All of the 3 interfaces disabled src destination
  • All of them same sg, 0.0.0.0/0
  • eth0 and eth1 are on the same subnet (public) with a route 0.0.0.0/0 to igw
  • eth0 and et...

nronica by L1 Bithead
  • 11084 Views
  • 7 replies
  • 0 Likes

SSL Forward Proxy for custom url with host and path

SSL decryption works if I set a custom URL with host only, like www.example.local, but fails to decrypt if I set it as 'www.example.local/image/'. I found the article below; it should support a custom URL with host+path, but now I suspect: will PAN really support host+path decryption? https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000...

Active FTP in AWS

I'm looking for some assistance on this issue whilst I progress a support case. Has anyone managed to get Active FTP working through a Palo VM-Series in AWS? I am getting a problem whereby the control connection outbound on port 21 is successful (you can log in to the FTP servers) but the pinhole/predictive session for the FTP data connection b...

Expanding a PANOS Firewall VM log file on KVM

There's plenty of discussions here and a couple of KB articles on adding disks to PAN VMs for extra logging space, but the only articles around for extending/increasing the size of the logging disk say to delete it and add a new one in its place. Downside to that is that you lose the logs that were on the disk at the time. I raised this with TAC...

Site-to-Site IPSEC between AWS and Azure (VM-Series)

I am trying to set up an IPsec site-to-site VPN between our Azure and AWS environments, both of which have VM-300 series FWs running. I am able to get the tunnel up and see traffic coming across the link, but when I try to reach a resource on either end via PING/TRACE etc., there is no response. I see the requests for the traffic in the PA going...

sscarola by L0 Member
  • 1831 Views
  • 1 replies
  • 0 Likes

Resolved! Equivalent of VLAN within Azure..

Probably one of the simplest questions going, but coming from a large on-prem environment, I'm trying to understand how it's meant to look from an Azure POV. Typically, when we have a new server in, say, a /29, I create a new subinterface for that VLAN on the firewall, add a zone to it, etc. and crack on. Am I right in thinking that the "azure" way...

Downgrade from VM-300 to VM-100 on AWS (PAYG)

I have changed the instance type on my EC2 instance running PA-VM 10.2.4 from c5.2xlarge to c5.xlarge. As far as I know, the VM license will be changed from VM-300 to VM-100 as well. After I changed it, the VM License value on the dashboard was blank and the license was still VM-300. PS. I'm using a license from AWS Marketplace.


PA-VM in Azure - multiple Zones? (e.g. DMZ, Trust, Untrust, etc.)

In the deployment guides and conversations I've had it seems that the PA-VM firewall in Azure is typically designed around only four interfaces: trust, untrust, mgmt, HA. Two zones only: Trust/Untrust. Subnets used to isolate traffic. In my on-prem setups I've always had zones associated with either the interfaces or VLANs on those interfaces...

Same subnet VM not able to communicate to internet whereas other is working fine

I have PA-VA in Azure cloud. There is strange behavior for a newly built VM, 10.1.134.7, where logs are showing allow but the machine is not able to communicate to the internet, whereas the existing VM 10.1.134.4 is working fine. I just added the new VM 10.1.134.7 to the same policy which is already there for the existing VM 10.1.134.4.

No inbound traffic to external firewall interfaces in Azure and change to default NSG behaviour

Just wanted to share my experience with a recent project and make you aware of the change in Azure default behaviour, which can save you some troubleshooting. As you may know, earlier this year Azure introduced Standard SKU for Load Balancers and Public IP addresses. The standard SKU has better functionality and the recommendation is to use it in ...

BatD by L4 Transporter
  • 8061 Views
  • 2 replies
  • 3 Likes

Risks of the AWS PA-VM license deactivation and reactivation

Can anyone explain the potential issues or risks when deactivating the PA-VM in AWS and reactivating them with a different auth code? Here is the use case: We had a few PA-VM firewalls deployed in the different segments of our AWS environment. In the past, the licensing process and onboarding with Panorama are all manual processes and t...

Rockey by L0 Member
  • 4287 Views
  • 1 replies
  • 0 Likes

License Fetch failing

I've installed a pair of VMs in AWS in HA. Currently the license page is blank in the GUI and the licenses seem unable to be installed on the device. I would appreciate ideas and help on how to address this. This is the result of the configd.log after a manual request license fetch: 2023-10-16 13:43:42.324 +0200 debug: _device_cert_cb(pan_mgm...

  • 704 Posts
  • 107 Subscriptions