VM-Series High Availability on ESXi?

Hi there, I am really new in network virtualization. I want to ask about high availability in Palo Alto VM-Series. We are going to buy two VM-200 (1 for Internal, 1 for External) and will install it on ESXi. I want ask for your advice.

1.Should I buy

Palo Alto 10.0 firewall in HA in Azure

Hi, 

We are trying to test VM series firewall in HA without load-balancer and following the documentation listed on PA website, can someone confirm if the document is well tested and we are seeing issues in connectivity and Template for secondary fir

S2S VPN from PAloAlto to azure cloud

Hi 

we would like to S2S VPN from plaotAlto to Azure cloud  

Azure InterfaceEndpoint Routes Bypassing Palo Alto Firewall

Situation:  Deployed two Palo Alto VM firewalls in Azure in a 'Transit VNet' following the Palo Alto Networks design, https://www.paloaltonetworks.com/resources/reference-architectures/azure.  

When you peer a VNet to the Transit VNet, the remote VN

Panorama network and device templates not syncing to firewall

Hello,

We are trying to set up a new deployment in AWS consisting of two firewalls managed by a Panorama server. 

For starters, we deployed one firewall and one Panorama instance. They are in the same VPC, different subnets. Security groups currently

Policy is not getting pushed

when we are trying to do policy push from Panoroma to firewalls it is getting failed and firewall is seen in out of sync state

PA-VM8.1.0 Initial Password Not Working

Hello,

I installed PA-VM8.1.0-KVM-8.1.0.qcow2 in my GNS3 lab and the username/password admin/admin is not working. Is there another username/password I can try? I also loaded PA-VM8.1.0-KVM-8.0.0.qcow2 and PA-VM7.1.0-KVM-8.1.0.qcow2 and the username/

GlobalProtect pre-login prompts when multiple certificates available, after login

We have user and computer certificates as an option so we can use pre-login. It works great, but our computers have multiple user and multiple computer certificates which causes GlobalProtect to pop-up after login asking to select one. The user has t

real client IP in VM series firewall in GCP cloud

Hi Members,

I have a setup in GCP cloud wherein I have to deploy set of vm series palo firewalls between load balancer and real servers.

The problem is I need to know the exact IP address of the client whereas if you see in firewall logs, you will get

Cannot route any traffic to my internal VNETs unless the incoming traffic is source NATed to the internal inerfaces

Hello everyone, 

I am new to the Palo Azure environment. I have everything set up with 4 Palo VM instances between an external and internal load balancer.  I am having an issue with NAT where traffic from the outside will not route to my internal VNE

VMs cannot access the Internet

Hello,

Hope I get some direction/solution here.

VM (10.9.8.4) can ping trusted interface (10.8.130.4) of PA but with packet loss!!! However, tracert 8.8.8.8 does not show the trusted interface as next hop....request timed out. Cannot go to the Intern

AWS VM-series - untrust interface - eating packets

Hi Guys,

I am working on inbound (from the internet) flow on the VM-series untrust interface directly.

Set up -

VM-series FW - 3 interface -- Mgmt , Untrust , Trust

Client -> Internet GW -> EIP -> Firewall untrust interface - eth1/1 - > (SNAT -  eth1/

Azure to Azure - IPSec

Scenario:

Two separate companies, each has their own Azure infrastructure.

Both companies have VNET’s with ExpressRoute back to on-premise MPLS.

Both have Palo Alto VM Series firewalls in hub and spoke design on these Azure VNET’s.

Peering is not an opti

Request for Refund

Hi,

I selected the wrong bundle of Palo Alto Firewall by mistake and subscribed it for an year. I later on cancelled the subscription but still got charged for it. I didn't not initialize any machine so I don't have a CPU id to sign up for a support