VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3501 Views
  • 0 replies
  • 0 Likes

Data Plane CPU utilization Reaches more than 90 %

model: PA-VM, vm-license: VM-SERIES-4, vm-cap-tier: T2-14GB, vm-cpu-count: 4. Data Plane CPU utilization reaches more than 90%. Is there any limit on PPS for Azure VM-SERIES-4? I think 525895 Kbps is well under the limit. Is PPS causing the issue? Session table: 1%, Packet buffer: 10%, Packet descriptor: 0%, SW tag descriptors: low all seems ...

Help Needed: NAT & Security Policy Configuration for Azure LB → Palo Alto → DMZ Webserver (Public IP)

Hello Team, Goal: I want to access the DMZ Webserver (Public IP) via the Azure Load Balancer Public IP. Current Setup: Azure Public Load Balancer is created with Frontend IP, Backend Pool, and Health Probe. Palo Alto Firewall VM is added to the backend pool. DMZ VM (Webserver) is running with a Public IP. Issue: Load Balancer backend pool is correctly f...

ARM Template fails due to Availability Set

Hi All, I am trying to deploy Azure-1FW-3-Interfaces-existing-environment using following ARM template https://github.com/PaloAltoNetworks/ReferenceArchitectures/tree/master/Azure-1FW-3-interfaces-existing-environment However, deployment fails due to following error. Availability set created with 'Aligned' SKU and Managed 'YES' "code": "Op...

VM Series Azure Active/Active Deployment

Hi All, I want to deploy two PA firewalls in Azure, in an existing resource group in an Active / Active scenario. Inside Load Balancer will be used to distribute traffic. Should I also set up HA to store active session, NAT, etc. In case one VM goes down existing session switchover to second VM. Is there any reference guide for Active/Active depl...

Resolved! VM-Series active/passive deployment over GitHub fails

Hello Community, I am currently trying to perform an HA deployment in Azure. To do this, I am using the ‘Azure HA Deployment’ via GitHub and the embedded link where I can then deploy the VM series in the Azure Portal. Here are the links to the topic: https://docs.paloaltonetworks.com/vm-series/11-1/vm-series-deployment/set-up-the-vm-series-fi...

Resolved! VMSeries on Azure using Existing Resource group and VNET

Hi All, I am trying to set up a new VM series PA firewall in Azure. However, I want to use existing resource group and VNET. I wonder which ARM template (Github) will best fit in my scenario? Can I deploy first firewall using "Azure-HA-Deployment" https://github.com/PaloAltoNetworks/Azure-HA-Deployment or I need to modify "two-tier-sample" ARM...

VM-Series Next Generation Firewall in Azure

Hi All, Can you please share any official document that guides VM-Series Next Generation Firewall (Virtual machine) with BYOL option. I need your help around this as I couldn't get any dedicated document to build steps. Only document I could find is "Deploy the VM-Series Firewall from the Azure Marketplace (Solution Template)" which reflects a...

AWS GWLB with secondary appliance in chain

I'm working with a dedicated inspection VPC+GWLB for the first time. I have the TGW, GWLB, and general routing working with just the Palo in play. East west traffic from vpc1 to vpc2 is correctly going into the inspection VPC and I can see the traffic in the Palo logs, etc... My question is: we want to add a second device in the chain. On prem we...

scotto by L0 Member
  • 2678 Views
  • 1 replies
  • 0 Likes

Multi-Zone PA-VM in Azure using different Front-End IP

I'm trying to come up with an architecture design using PA-VM in Azure on a Transit-VNET. I'm familiar with the reference architecture but this limits me to only Trust & Untrust zone. I also understand that doing PA-VM in cloud recommends using Azure service tag with DAG rather than the old mindset of Zone-based. For the sake of discussion,...

F.Eisma by L0 Member
  • 1259 Views
  • 0 replies
  • 0 Likes

SSH certificate authentication

Hi, I wanted to know if it is possible to require SSH certificate authentication as opposed to password authentication when doing an SSH login into Azure-hosted VM-Series virtual firewalls? If this is possible, where can I find documentation that addresses this? I'm looking to improve security as certificate auth is orders of magnitude better tha...

Resolved! AWS PAN-OS 11 Interfaces never become active

I'm trying to bring up a new PAN-OS 11.1 instances in AWS, installed from aws-marketplace/PA-VM-AWS-11.1.0-f1260463-68e1-4bfb-bf2e-075c2664c1d7. I am able to reach the management IP address, both SSH and the web UI are working. However the two intended network interfaces never appear in "show interface all" nor in the UI Network > Interfaces ...

DGentry by L1 Bithead
  • 6961 Views
  • 4 replies
  • 1 Likes

Source NAT (DIP or DIPP) using a pool of addresses

I want to use source NAT going outbound across a pool of addresses. Is it possible to do distribution across the pool of addresses in round-robin fashion? In my testing with initiating connections from a single host, it is persisting with the same source nat address on egress. I want it to differentiate the source NAT address per TCP socket o...

AWS IPSec tunnel active/active HA with BGP

Looking for some help here. I have an ongoing case with support concerning AWS tunnel issues. My production FWs are active/active but not in sync. Just always been that way, it's the way I inherited it. I have 4 tunnels to AWS (2 on each FW) BGP all works fine but if I reboot one FW when it comes back it blows up all the tunnels. So support...

jdemares by L1 Bithead
  • 3179 Views
  • 1 replies
  • 0 Likes

VM-Series sizing on AWS and Azure

Hello experts, Plan to implement VM FW on AWS and Azure. Gone through the credit calculator https://www.paloaltonetworks.com/resources/tools/ngfw-credits-estimator Just wondering how many vCPU is required. Except throughput, CDSS and number of GW, what else should I need to put into consideration, more specific the requirement on the cloud plat...

  • 704 Posts
  • 107 Subscriptions