This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Start a conversation

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3500 Views
  • 0 replies
  • 0 Likes

IPv6 support in Azure/AWS

Anyone already succeeded in getting IPv6 addresses working on our FW in Azure or AWS? Trying to get the mgmt-interface use an IPv6 address in order to connect to IPv6 Panorama.If required this can also be done via DP interface and service routing. Tried using the LB in Azure (which seems to be required). However, haven't been succesfull to far.I...

Moving public IP from VM to Palo Alto in Azure

We deployed a Palo Alto VM-300 in an existing Azure tenancy. During the process to move public IP Addresses from the Virtual Machine to the Palo Alto Untrusted Interface we ran into the following error. "Network interface associated with virtual machine does not allow different SKU type for public IP Address in IP configurations" The public I...

estoltz by L0 Member
  • 4990 Views
  • 2 replies
  • 0 Likes

When adding public ips to vm firewall, I want to know the maximum number of ips that can be added.

helloThere was a request from a customer to use the PaloAlto VM firewall.In response to the customer's request, the contents of the link below have been delivered to the customer.https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLlVCAWAfter checking the contents of the above link, the customer has asked us additional que...

Zero trust in AWS issue with ALB

We are trying to implement a zero trust environment inside our AWS cloud. We are using a transit gateway deployment, and have all traffic going through a secuirty vpc which houses a pair of PA-VM's. These firewalls are reached by the other VPC's through GWLB's. Because of this architecture when we are allowing inbound web traffic to our ALB's we...

nelsonc0 by L1 Bithead
  • 3291 Views
  • 2 replies
  • 1 Likes

Palo in AWS to Azure VPN Gateway

Hi All, I am trying to setup a site-to-to site VPN between Palo (v9.0.1) and Azure VPN gateway. I have a question and an issue that I am trying to resolve... NAT-T should be enabled in the gateway settings since AWS NATs everything? This is the error I keep getting... 2022-05-06 15:09:24.235 -0700 [INFO]: { 3: }: received IKE request 21.50.80.20...

Azure refarch template broken

https://github.com/PaloAltoNetworks/ReferenceArchitectures/tree/master/Azure-1FW-3-interfaces-existing-environment-BSThis is broken as of about 2 weeks ago from this post. New, undocumented field called "Custom Data" - need to state what needs to be put in here "Image Version" only works if you select "Latest" which forces you to 10.2 train (not...

AWS Gateway Load Balancer Target Group Instances Remain Unhealthy

We've deployed VM-Series into AWS INSPECTION VPC implementing the documented approach around use of a Gateway Load Balancer (GWLB) as an Endpoint Service then Endpoints in APPLICATION VPC so that inspection can be achieved when North/South traffic enters the application VPC and is routed to inspection layer as expected, so from an intended use p...

Oracle Cloud lower vCPU count

Hi all, try to figure out what will happen to my Vm-series FW in Oracle Cloud if I lower my vCpu count. Will the firewall know that the cores changed and adjust or will just crash? I'm using OCPUs and it doubles the vCPU when enabled. Thanks

SAML for management access to PA

Hi folks, We got a customer who needs to authenticate firewall admins (PA management) against Azure SAML.Azure only allows you to specify a unique SSO URL being the type https://<Customer Firewall FQDN>:443/SAML20/SP Problem is, this is a standard Active-Passive setup so in case of a failover, the source Customer Firewall FQDN becomes that...

JF18866 by L0 Member
  • 1883 Views
  • 0 replies
  • 0 Likes

Resolved! VM-Series Firewall with Flexible vCPUs throughput

VM-Series firewall can deploy with Flexible vCPUs model. Is it any reference to determine the throughput with different number of CPU such as "throughput versus CPU" table? As I know when the throughput needs change, I can simply allocate additional cores to scale the software firewall up.However, when I initial deploy the firewall, I would like...

JoeKwok by L2 Linker
  • 5680 Views
  • 1 replies
  • 0 Likes

New interface at Palo-alto VM in AWS EC2 instance not turning UP

On a PA-VM (VM500, SW ver- 10.0.8-h8.) in Amazon cloud EC2 instance, i am struggling to create a new interface and bring it up, tried below steps already-1. Created an ENI and attached to the respective EC2 instance.2. Source/Destination check disabled.3. Tried configuring different eth1/3-6 with same IP/Subnet as ENI.4. Tried multiple times but...

IT.OPS by L0 Member
  • 3947 Views
  • 2 replies
  • 0 Likes

PA VM-Series AWS - Upgrade Path downtime estimation

Hey all, I need to upgrade a PA-VM 300 (m5.xlarge) series running on AWS Plataform from 9.1.6 to 10.1.5-h1. Upgrade path will be the following : 9.1.6 => 9.1.14 => 10.0.0 => 10.0.10 => 10.1.5-h1 As this is a Stand-Alone FW, I will need to have an estimation about down-time regarding this upgrade path.Thanks in advance for your ...

Palo HA in Azure - traffic flow

I have a pair of VM300 gateways running 9.1.13 in Azure. I'm using a 'load balancer sandwich' approach to provide active active HA.The public load balancer in front of the firewalls does a good job of delivering inbound traffic. However, routing to the internal destinations from the inside of the firewalls isnt ideal currently. I find i have t...

How to upgrade PA on AWS and How much downtime do we need ?

Hi,I have the experience how to upgrade PAN os with ON-PRIMES .But I don't know how different on AWS and what is impact.I would like to upgrade my PA on AWS.my pan-os is 8.1.So It is very old . I would like to upgrade latest version. So let me know what is the best practice to upgrade PA on AWS.How much downtime i need to upgrade ?I noticed in d...

crypto by L2 Linker
  • 3362 Views
  • 2 replies
  • 0 Likes

Not displaying palo alto login page

Hi all,When i typed in my default gateway IP address it is displaying BT Smart Hub Manager page instead of Palo Alto login page.I did all the configuration connecting VirtualBox and Palo alto. Do I missing something why isn't displaying palo alto login page? It has been few days i am trying to find the solution. Help please.

Dilton111 by L1 Bithead
  • 12469 Views
  • 15 replies
  • 0 Likes
  • 704 Posts
  • 107 Subscriptions
Latest Comments
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks