VM-Series License limits - VIrtual Routers

I have seen documentation outlining the differences in the number of Rules, VPNs, sessions and zones for each VM-Series license, but i think there are also limits on the number of Virtual Routers you can create on each VM license.

Is there any documen

AWS secondary CIDR on VPC ability to NAT to PAN in original CIDR

Hey all,

It has finally happened and we ran out of IPv4 space on Primary CIDR block for our VPC. We created a new CIDR and associated it to the same VPC. However it appears that I can't associate an ENI in the new CIDR to our Palo Alto in the original

VM-Series firewalls in Azure with multiple private zone NICs behind Internal LB not maintaining session

I have a use-case: There are 2 VM-Series Palo-alto firewalls deployed in Azure behind Internal Load Balancer. Each firewall has 3 private zone interfaces and Internal LB has 3 Frontend-IPs, one for each firewall interface subnet, the request traffic

Site to site VPN tunnel in Azure

We need to build a site to site tunnel between on premise and Azure cloud so we are planning to use Palo Alto firewall in Azure,  since we have a requirement to hide VNET subnet in cloud as well as in on premise subnets from each other while sending

VM-Series High Availability on ESXi?

Hi there, I am really new in network virtualization. I want to ask about high availability in Palo Alto VM-Series. We are going to buy two VM-200 (1 for Internal, 1 for External) and will install it on ESXi. I want ask for your advice.

1.Should I buy

Palo Alto 10.0 firewall in HA in Azure

Hi, 

We are trying to test VM series firewall in HA without load-balancer and following the documentation listed on PA website, can someone confirm if the document is well tested and we are seeing issues in connectivity and Template for secondary fir

S2S VPN from PAloAlto to azure cloud

Hi 

we would like to S2S VPN from plaotAlto to Azure cloud  

Azure InterfaceEndpoint Routes Bypassing Palo Alto Firewall

Situation:  Deployed two Palo Alto VM firewalls in Azure in a 'Transit VNet' following the Palo Alto Networks design, https://www.paloaltonetworks.com/resources/reference-architectures/azure.  

When you peer a VNet to the Transit VNet, the remote VN

Panorama network and device templates not syncing to firewall

Hello,

We are trying to set up a new deployment in AWS consisting of two firewalls managed by a Panorama server. 

For starters, we deployed one firewall and one Panorama instance. They are in the same VPC, different subnets. Security groups currently

Policy is not getting pushed

when we are trying to do policy push from Panoroma to firewalls it is getting failed and firewall is seen in out of sync state

PA-VM8.1.0 Initial Password Not Working

Hello,

I installed PA-VM8.1.0-KVM-8.1.0.qcow2 in my GNS3 lab and the username/password admin/admin is not working. Is there another username/password I can try? I also loaded PA-VM8.1.0-KVM-8.0.0.qcow2 and PA-VM7.1.0-KVM-8.1.0.qcow2 and the username/

GlobalProtect pre-login prompts when multiple certificates available, after login

We have user and computer certificates as an option so we can use pre-login. It works great, but our computers have multiple user and multiple computer certificates which causes GlobalProtect to pop-up after login asking to select one. The user has t

real client IP in VM series firewall in GCP cloud

Hi Members,

I have a setup in GCP cloud wherein I have to deploy set of vm series palo firewalls between load balancer and real servers.

The problem is I need to know the exact IP address of the client whereas if you see in firewall logs, you will get

Cannot route any traffic to my internal VNETs unless the incoming traffic is source NATed to the internal inerfaces

Hello everyone, 

I am new to the Palo Azure environment. I have everything set up with 4 Palo VM instances between an external and internal load balancer.  I am having an issue with NAT where traffic from the outside will not route to my internal VNE

VMs cannot access the Internet

Hello,

Hope I get some direction/solution here.

VM (10.9.8.4) can ping trusted interface (10.8.130.4) of PA but with packet loss!!! However, tracert 8.8.8.8 does not show the trusted interface as next hop....request timed out. Cannot go to the Intern