VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3499 Views
  • 0 replies
  • 0 Likes

Azure Network Watcher

Hello, I want to do a packet capture on a VM interface using Network Watcher for some traffic on our VM-300 series NGFW but our CSP advises this is not possible. The extensions section in Azure seems to confirm this. Can anyone advise if this feature is available? We are having issues with a flow of traffic not being received at the far end b...

Public IPs with NAT in IPSEC

I've got a rather bizarre setup that I'm trying to integrate with a new customer using a vm-series 300 in AWS. I have set up and established an IPSEC tunnel (that even comes up when we attempt to send traffic over the tunnel). Where it gets complicated is that their expectation is that we NAT all traffic using public IPs and send the traffic thr...

Inbound Traffic to Azure Public Load Balancer

I've become stuck on an issue getting inbound traffic working to a resource in a subscriber VNET behind a transit VNET where firewalls are configured. I think I'm missing something obvious, and thought I would bounce ideas off of the community here. Here's a summary of the configurations relevant. Public Load Balancer listens on public IP 1.2.3....

dashnet by L0 Member
  • 7294 Views
  • 2 replies
  • 0 Likes

Azure LB Static Route and IPSEC failover

I have the attached topology. I have two IPsec tunnels from two VM-Series Palo Alto firewalls to the same peer IP, which is in Prisma Cloud. On the trust side I have an Azure load balancer which would send traffic to 2 firewalls and has a health probe as SSH to the firewalls. My requirement is to remove the red static route towards azure LB when the green st...

Zone Protection profile pushed from Panorama to VM-100 in Azure

Hi all, I am having recurring issues deploying zone protection profiles for VM series firewalls in Azure, from Panorama templates, revolving around SCTP settings, whenever I try to push the template the commits are failing with the below error - Details:. Validation Error:. network -> profiles -> zone-protection-profile -> Untrusted_Zon...

Does the HA Passive PA-VM Firewall forward the logs to syslog server

Team, We have the pair of PA-VM deployed in HA A-P mode. The log-forwarding facility is enabled and the logs are being forwarded to the external Syslog-Server. It is noticed that the Passive node is not sending any logs to the Syslog-Server. Only the Active node is sending the logs. I am trying to understand that all the configurations are ident...

VM firewall HA on AWS

Hello, We need to deploy two VM series firewalls on AWS cloud in HA. Both firewalls will be in different AZ. I have below questions: 1. Is it possible to do such configuration? 2. If yes, please share any reference guide? Thank you in advance

BK0007 by L2 Linker
  • 2300 Views
  • 1 replies
  • 0 Likes

Azure Network Watcher VM extension?

Hello... is it possible to install that Azure Network Watcher VM extension to enable traces and packet captures from the PA VM to the Azure gateway? It would be handy to help troubleshoot connectivity issues between the PA and the GW. Thank you.

eosminer by L1 Bithead
  • 7319 Views
  • 4 replies
  • 0 Likes

ESXI Server - Inside Host is on Same Port Group as Palo Alto FW Inside Interface and Pings are failing from all inside hosts

I have an ESXI Server with firewall (Inside, DMZ and Outside) zones. Palo Alto has a rule to allow interzone traffic from inside to outside. Palo Alto has NAT configured for Outside Interface. When I try to ping from host to host in the same port group...all is good. When I try to ping to the Inside Firewall Interface, the ping times out..."De...

ETate by L1 Bithead
  • 2383 Views
  • 1 replies
  • 0 Likes

problems to configure internal load balancer on GCP

Hi team, we are working in a lab environment, following the recommended architecture manual: https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/guides/gcp-shared-vcp-deployment-guide We have followed the procedure, but we have been experiencing issues on the GCP internal load balancer deployment...

AJuarez by L0 Member
  • 3222 Views
  • 2 replies
  • 0 Likes

Incomplete error

I have a Linux VM trying to send traffic over port 25 smtp and I am getting an incomplete message on the PAN-VM. I have done a few tests with port 587 and works fine, I have gone through the rules in focus detail to verify the rule should allow it but still no go. Any ideas where else I can look or tools to use to narrow down this issue? Thanks

VM-Series License limits - Virtual Routers

I have seen documentation outlining the differences in the number of Rules, VPNs, sessions and zones for each VM-Series license, but I think there are also limits on the number of Virtual Routers you can create on each VM license. Is there any documentation to illustrate this difference? This is necessary information if you are deploying the Load ...

AWS secondary CIDR on VPC ability to NAT to PAN in original CIDR

Hey all, It has finally happened and we ran out of IPv4 space on Primary CIDR block for our VPC. We created a new CIDR and associated it to the same VPC. However it appears that I can't associate an ENI in the new CIDR to our Palo Alto in the original CIDR. And we can't use the NAT ENI in the original because it hops to the original then out whic...

VM-Series firewalls in Azure with multiple private zone NICs behind Internal LB not maintaining session

I have a use-case: There are 2 VM-Series Palo-alto firewalls deployed in Azure behind Internal Load Balancer. Each firewall has 3 private zone interfaces and Internal LB has 3 Frontend-IPs, one for each firewall interface subnet, the request traffic from one private azure subnet lands on Internal LB Frontend-IP1 and distributed to firewall1 inte...

  • 704 Posts
  • 107 Subscriptions