This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Start a conversation

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3501 Views
  • 0 replies
  • 0 Likes

Deploying a VM-Series in Azure using Terraform and Bootstrap

I have to admit it, I love to create good examples that others can follow. I know the PAN team has published some great examples up on Github. But I figured I would publish my own example of how to deploy a VM-Series firewall in Azure using Terraform and Bootstrap. I hope someone finds it useful. It can be found here: https://github.com/dustint...

DTG123 by L1 Bithead
  • 10105 Views
  • 1 replies
  • 6 Likes

Resolved! HA on AWS Using a Secondary IP

Hi, Just checking if anyone has successfully deployed the latest HA mode "secondary-ip". Unfotunately the deployment guides can be described more as "guides" rather than detailed instructions. Furthermore they are fragmented so one has to scramble over different places and review pages, sometimes unrelated to the new mode 😅. Anyway my issue...

ha_secondary_ip.drawio.png

Resolved! Elastic IP's not responding on Palo Alto VM

Greetings All, I have a very basic question and basic issue. I have Palo Alto up and running in my lab on AWS. I can connect to the Management Interface just fine. I have added eth1 to the the PA and configured the access for ping, ssh, https, etc. Also created the zone. I am using the default virtual router. From within my VPC using anothe...

Hitting IPsec Tunnel Limit on M-300

We are hitting a software limitation on the max number of IPsec Tunnels allowed for our VM-Series Next-Generation Firewall Bundle 2. This was purchased through AWS Marketplace and there is no clearly defined upgrade path for us to follow. The Palo Alto website shows that we can get from the M-300 to the M-500 or M-700... No mention on how to do ...

rpwags by L0 Member
  • 1963 Views
  • 1 replies
  • 0 Likes

PA-VM Upgrade steps

PA-VMVM-3009.0.8 to 9.0.10vm_series-1.0.11 Sorry for the (probably) simple question, but I've never done a Software Version upgrade on a Palo VM before. Other than the usual steps to update, what other considerations do I need to take into account? How do i know if I need to update the plug-in or not? If so, do I update the plug0in first? Any...

Sync Cloud PA between 2 FWs in AWS

We have 2 fw PA on AWS cloud. Each firewall is on their respective Zone. Currently, Zone B is shutdown. The question is: We need to avoid turn on components in the zone B (due to our limited resources), but, we need to sync up boths firewalls. Requirement is that load balancer must not be detect that firewall A is down. This load balancer is d...

apazmino by L1 Bithead
  • 1903 Views
  • 0 replies
  • 0 Likes

Approches for certificate deployment for SSL decryption in public cloud?

I would like to hear which approaches could be used to deploy and automatically deploy trusted root certificates for servers in the public cloud (Containers, Virtual machines, serverless functions) in order to decrypt its traffic.Approved images for deployment that includes the certificate?Ansible?Auto-remediation with prisma cloud? Thanks!

Subnet to Subnet communication through PA-VM

G'day All, I was wondering if anyone can guide me with an issue I am facing. We have Hub & Spoke model and want to have all Subnet to Subnet as well as VNET to VNET traffic to pass through PA. SUBNETS: Do I need to add them to the already existing Interfaces below? Or make changes to the routing table?

SUBNET.png
FW.png

Global Protect Portal unreachable on AWS deployed VM series

Hello all, I am trying to configure Global Protect Portal on AWS using PA VM Series (10.1.5) using three interfaces and with swapped data/management interfaces as I am planning to put GWLB in front for ingress. Anyhow I am following multiple guides including official ones to configure Global Protect Portal, but none of the configuration works. A...

CPUID question to VM-Series

For Azure VM-Series, can CPUID be the same per instance?Customers say that 4-7 CPUIDs are all the same in the VM-Series.The serial number is different for each instance, but can the CPUID be the same?I know that CPUID is a unique value of VM-Series. I think that the eigenvalue should be different for each instance. What do you think?

future by L1 Bithead
  • 1696 Views
  • 0 replies
  • 0 Likes

Azure Deployment instructions don't work - web interface won't load

I tried deploying the vm series firewall in an Azure environment using the steps here https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-azure/deploy-the-vm-series-firewall-on-azure-solution-template#ide37bac08-683a-4245-a412-2f74a56855fa I followed every step exactly as indicated but when I g...

Driver issue with PA-VM 10.1.3 deployed in Azure public cloud

Hi Folks, We have an PA-VM-100 series firewall deployed in the Azure cloud. We have three NIC cards mapped to the firewall interfaces which is configured as below:NIC card 1 <-----> Management interfaceNIC Card 2 <----> Untrust interface(Ethernet 1/1)NIC Card 3 <----> Trust Interface(Ethernet 1/2) Recently we had upgraded the f...

GWLB Sub-Interface

Hello, Question about GWLB and sub-interface mapping. If I have 2 VPCs (VPC-Shared and VPC-Production) and I associate VPC-Shared with a GWLB Endpoint to sub-interface e1/1.100 on a zone also named VPC-Shared and VPC-Production with an endpoint to e1/1.200 on zone called VPC-Production. When I send traffic from the VPC-Production to VPC-Shared...

  • 704 Posts
  • 107 Subscriptions
Latest Comments
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks