This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Start a conversation

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3508 Views
  • 0 replies
  • 0 Likes

how to setup palo alto for dual stack for IPv6 internet

Hi, I have configured PAVM in azure with IPv4 and everything is working fine. so I decided to add IPv6 as a Dual stack. And Azure provided me single Public IPv6 and it configures on the Azure load balancer and mapped with an untrust interface on the firewall with my private IPv6 range fd6e:8b94:25ca:b001::/64, and on trust interface range is fd6...

AWS keypair failing authentication to PA-VM

AWS ssh publickey failing while connecting to PA-VM, falls back to password authentication which obviously fails. I suspect some of this behavior is due to macos and openssh deprecating ssh-rsa, PAN-OS 9.1.14 offers ssh-rsa which is rejected by default, -oHostKeyAlgorthms=+ssh-rsa will avoid this issue. Also tried -oPubkeyAcceptedKeyTypes=+ssh-r...

Azure multiple public front ends on load balancer

Using multiple front end IPs to split my internet facing applications. Seemed to solve the health probe issue with splitting static 168.63.129.16/32 azure routes between virtual routers, but inbound traffic doesn't seem to know where to go. Single public application worked no problem, as soon as second front end IP is added, the VM series stops ...

joeritt by L0 Member
  • 5452 Views
  • 2 replies
  • 0 Likes

FTP Server behind Palo Alto pair and Azure External Load Balancer Not getting directory

I have a "HA" pair of firewalls in Azure sitting behind an external Load Balancer. I have a FTP server that I have to configure behind the firewalls. I am able to connect locally to the FTP server and it works as expected, but when I point the FTP client to the Public IP address of the LB, I am able to connect, but not get the directory. I am ...

Azure NAT Rule closing VPN Tunnel

Good Afternoon,We have a VPN tunnel established b/t an Azure VPN GW and a PA 3020 running 9.1.10.We need to add a NAT rule on the Azure side. When we apply the NAT rule, the tunnel closes.Azure docs on this topic are less than helpful and I have not found an article or guide here yet. Appreciate any recommendations. Thanks.

VM-300 Inaccessible and Failover Occurred

Hello all, Currently, my customer is working on 9.1.12-h3 and they experienced Inaccessible and Failover Occurrences in VM-300. Therefore, I looked around TSF and found out that failover proceeded after the message pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2! MP and DP are stable.[sysd.log]2022-09-29 06:09:51.126 +0800 De...

Deploying Panorama to Azure gaining initial access.

I am deploying a Panorama VM into Azure. I setup the VM according to the documentation at https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/set-up-panorama/set-up-the-panorama-virtual-appliance/install-the-panorama-virtual-appliance/install-panorama-in-azure but have not been able to gain access to the machine as of yet. I made it to...

Cannot connect VM series firewall to Panorama in AWS

   Hello, We are trying to set up a new deployment in AWS consisting of two firewalls managed by a Panorama server. For starters, we deployed one firewall and one Panorama instance. They are in the same VPC, different subnets. Security groups currently allow all TCP to/from the Panorama server and the firewall. Both Panorama and the firewall ha...

fwlogs.png
panlogs.png
broke.png

Palo VM-Series

Is it a requirement that the subnets within Azure be named "Trust" and "Untrust" I currently have them named to Inside and outside and wanted to make sure this wouldnt case something to not work/route etc...

Is there a document related to azure HA Link and path monitoring function support?

According to the Admin guide, there is a phrase that does not support link path monitoring in the case of aws, but the contents of Azure are not mentioned https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-web-interface-help/device/device-high-availability/ha-link-and-path-monitoring But Azure doesn't seem to have this function either Is t...

Are you using certificate profiles for Azure SAML authentication?

Setting up SAML authentication for the first time from a new Azure instance and having multiple issues. I had an idea how it would work, that Azure would provide an internal CA and SAML gateway (IDP) certificate, and then assign us a certificate (w/private key) to use on the firewall. However, we are only getting a self-signed certificate for th...

Overlay routing for specific VPC

In AWS, I know how to enable overlay routing using the following commands: request plugins vm_series overlap-routing enable yes, but can we have VPCs in a specific account handle overlay routing and VPCs handle overlay routing?Is there only an option to handle full overlay routing?https://docs.paloaltonetworks.com/vm-series/10-1/vm-series-deploy...

  • 705 Posts
  • 107 Subscriptions
Latest Comments
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks