VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3498 Views
  • 0 replies
  • 0 Likes

Resolved! HA Missing Operational Commands Tab

Hi, I have set up 2 VM series FW in Azure in HA, however in the HA section there's no Operational Commands tab to go in and issue a suspend so it can failover to the secondary FW. I know in CLI you can put in a command to do this, but I'm interested to see if there is a fix for this. I'm running PAN-OS 10.0.6. Thanks

Dynam0 by L1 Bithead
  • 4890 Views
  • 2 replies
  • 0 Likes

FIPS Mode in GCP only available with PAYG Bundle 1??

Does anybody know if VM series Firewalls in GCP that are put into FIPS Mode actually downgrades the VM Bundle from PAYG Bundle 2 to Bundle 1? I had one firewall that was deployed with Bundle 2 and it had all the licenses. After I booted that firewall into maintenance mode, set to FIPS mode and rebooted, it only pulls down PA-VM, Premium, and Thr...


EVE-NG PA booting issue

Hi all, I have an EVE-NG laptop that I'm planning to use for practice. I have installed the KVM file and activated it as well as added it to the EVE-NG lab. However, when I start the device, I get the error message "No bootable Device". This device is currently configured to use PA8.0.5 in the EVE-NG environment. I have attached a screenshot of ...

Jumbo Frames

Hi, I need a little information on Jumbo Frames. If I disable the Jumbo Frames in PA-VM (VM-300) in device --- Setup --- session, will there be any traffic impact, or will the firewall reboot? Please advise me on this. Thank you,

Azure HA Failover not working

Hello, We have a pair of VM300 PAs in Azure set up in Active-Passive. They are running 9.0.7 code with VM Series plug in 1.0.8. There was an issue in Azure on 19/10/20 which caused a failover and recovery (we use pre-emption). Post this issue the PAs were up and running but not passing traffic. We found that the secondary IP addresses (i.e. ...

Resolved! Azure multiple VM-series with UDR and Load balancers

Hello, At this moment I am doing a PoC for a client in Azure with two VM-300 in the so called "Sandwich" mode. So for traffic coming from the internet I have the following path: ELB > VM-300 (x2) > ILB > Webserver (x2). Both VM-300 and Webservers are in a separate availability set. I managed to load balance the traffic from the int...


AWS interface limits

Is the AWS VM limited to only 3 interfaces or can we add 3 more? I was reading there may be limitations associated with machine type but wanted to be sure before we went down the path of changing that.

Resolved! Azure Palo Alto VM to campus network via ExpressRoute

Quick question for the community. I have setup and configured the Palo Alto VM series in Azure. Along with the management interface, the VM has “trust” and “untrust” interfaces. I have basically copied the rules over from our office Palo Alto devices, and my test VM is working great through the Palo Alto VM. However, I’m having a problem that I ...

Resolved! NGFW on Azure cannot be deployed successful

Hi all, I got a weird situation when I deploy the PA NGFW on Azure, could you please give me some suggestions for resolving this weird situation? After deployment, the VM will be restarted and restarted by itself with unknown reason, I try to connect to Serial Console, the final screen is in Maintenance mode. I check the Activity Log, but no any v...

GlobalProtect with SAML to Azure AD - selecting account when activating GP

Hello Community, we've configured GP to authenticate via SAML to our Azure AD service so that we can use MFA on GP. GP is only used by IT employees with their "admin" accounts. So far, it seems to work fine how it's configured. The only problem we are facing is that some users are not asked which Microsoft account they want to use in GP when they ...

MStork by L0 Member
  • 7458 Views
  • 3 replies
  • 0 Likes

FIPS mode in Azure Government

Has anyone been successful in converting their VM-series appliances running in Azure Government to FIPS-CC mode? The SSH keys I created and allowed for FW management prior to the conversion were wiped out and resetting the keys via the Azure portal doesn't work (although the agent is running). I cannot get into the GUI either since admin is not ...

cl625410 by L0 Member
  • 3953 Views
  • 1 replies
  • 0 Likes

Cross region ingress packet inspection with Palo Alto GWLB and TGW

Hello there, Currently doing POC and deployed a VM-Series with AWS Gateway Load Balancer/TGW mentioned here. I was able to inspect the inbound traffic as my security VPC (TGW/GWLB/VMSeries) and Spokes VPC (Application) are in the same region. Any idea how can I route my traffic for inbound inspection if my spokes VPC is different region tha...

ali_h3n by L0 Member
  • 4344 Views
  • 0 replies
  • 2 Likes

Timeout for some connections using GWLB

Hi All, Has anyone else had a play with the GWLB on AWS? I've here a topology hub and spoke base on this link: https://aws.amazon.com/pt/blogs/networking-and-content-delivery/centralized-inspection-architecture-with-aws-gateway-load-balancer-and-aws-transit-gateway/ But, some lambdas in the spoke are with timeout to connect to Internet. The firewal...

Resolved! NGFW HA on AWS with different AZ

Hi All, I want to configure Active/Passive HA on AWS, but both the PA-Instance should be in different AZ. How can we achieve this? I have referred below article: https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/high-availability-for-vm-series-firewall-on-aws/configure-activepassive-ha-on-aw...

  • 704 Posts
  • 107 Subscriptions