This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Start a conversation

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3522 Views
  • 0 replies
  • 0 Likes

Resolved! USER-ID policies + FULL azure ad

Hello everyone , I'm having a problem that I can't solve. I'll explain the context.I am in full AZURE AD.My computers are enrolled via INTUNE I would like to be able to set up user-based firewall rules.I set up the "cloud identity engine" (linked to azure ad), I can see my groups and my users in the palo alto.When I create a firewall rule and I ...

LCutman by L1 Bithead
  • 7832 Views
  • 8 replies
  • 0 Likes

Does the firewallnew-vpc-v3.0.template only create BYOL vm series instances ?

I am trying to setup a Security VPC in AWS using CloudFormation template "firewallnew-vpc-v3.0.template". I wanted to set up a Security VPC with auto-scaling group attached FW. As I read thru the doc, One pre-requisite before launching the template states that - Add the authcode for your BYOL licenses to this file( the authcodes file), Do...

KimSNG by L0 Member
  • 1095 Views
  • 0 replies
  • 0 Likes

SAML SSO with Azure AD Authentication

We have configured SAML SSO for Palo Alto VM Series on Azure with Azure AD authentication but somehow the SAML SSO configuration is not working. Please find the details below: 1. Our Palo Alto NGFW VM is hosted on Azure. 2. We have created an Palo Alto Global Protect enterprise app on azure and configured the SAML SSO on it. 3. We have importe...

Palo Alto active-active HA setup in MS Azure

Hello Team, Greetings, Does azure deployment support Palo Alto in active-active HA setup? documents in PA end refers only active-passive setup. Also is Panorama really require to deployed it as Active-Active in azure ? Please share your thoughts to deployed it as Active-Active in azure? Thank You Brajesh

Automatic Variables

We have multiple sites. Each of these sites has a terminal number. For instance Orlando, Florida would be terminal 105 and New York, NY would be terminal 84 . When creating networks for our site, a user vlan gateway is always 10.terminal.140.1, for Orlando it would be 10.105.140.1 . Their DHCP range would be 10.T.140.100-10.T.140.200, so for Orl...

sskannan by L1 Bithead
  • 995 Views
  • 0 replies
  • 0 Likes

Routing public websites via Palo in Azure?

I have a pair of VM-300 in a load balancer sandwich configuration in Azure. An internal load balancer is on the inside and handles outbound traffic. An external load balancer is on the outside and is intended for inbound traffic from internet. I can assign a public IP as the front end of the external load balancer. My first question - can a sin...

Help moving a Palo VM to another Azure region

Hi all, so I made a boneheaded move and set up our Palo VM in US East when I should have done it in US East 2. I'm trying to use the Azure Resource Mover tool to move it to a resource in US East 2, but it keeps failing at the "Prepare" stage. The error it's giving me is related to the Azure Site Recovery Agent on the Palo VM. I have no idea what...

Maxstr by L1 Bithead
  • 1636 Views
  • 0 replies
  • 0 Likes

Site to Site VPN Unable to Ping Azure VM

Hello. I recently setup our Site to Site VPN to Azure and am having an issue with pinging to Azure from OnPrem. The tunnel shows connected and I can ping my on Prem devices from Azure without issue. I used this article to setup the connection: https://thetechl33t.com/2020/11/18/azure-site-to-site-vpn-with-palo-alto-firewall/ I setup the ...

How to secure outbound traffic from Azure?

This question might sound stupid but I'm banging my head against the wall trying to figure out how to make this work and I cannot find any documentation anywhere on this website that answers this (simple) question. I'm trying to setup a VM Series Palo Alto firewall in Azure, to secure outbound (not inbound) traffic from my Azure virtual machin...

Resolved! Active/active gateways in Azure and Panorama

I have two gateways in Azure operating as an active/active pair. They use the load balancer sandwich topology. I'd like to manage the pair from Panorama. Having a shared policy appears to be difficult. The two can share a security policy easily enough. But the rules in a NAT policy reference IP addresses specific to a firewall. Example; a sourc...

Backup settings for firewalls

Hi Guys, I have a few firewalls VM series e and they are in production. The virtual firewalls' configs are being backup by panorama. Since we have multiple admins (systems & networks & managers) who can access portal and are able to create/modify network settings are there ways to prevent people from modifying the production settings...

tinhnho by L3 Networker
  • 2089 Views
  • 2 replies
  • 0 Likes

Internal eni in PA is not pingable from aws servers and f5

I have a PA and F5 vm deployed in aws management segment. I also attached an internal eni to PA vm to connect to f5 vm and f5 also has an internal eni from same subnet of internal eni as PA, and f5 also has an external eni along with elastic ip for internet access which is working fine, but im not able to ping internal enis eachother (ie., from ...

grr9949 by L0 Member
  • 1381 Views
  • 0 replies
  • 0 Likes

Set Password via AWS bootstrap

The documentation seems (to me) to be unclear on how to set a password when bootstrap'ing the configuration. It seems to be that you simply need to set a valid bootstrap config and it should take, however that is not working. It seems to be that the config took (we are setting IP statically on mgmt port) but the password configuration is not wor...

  • 709 Posts
  • 107 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks