VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3522 Views
  • 0 replies
  • 0 Likes

GlobalProtect with SAML to Azure AD - selecting account when activating GP

Hello Community, we've configured GP to authenticate via SAML to our Azure AD service so that we can use MFA on GP. GP is only used by IT employees with their "admin" accounts. So far, it seems to work fine how it's configured. The only problem we are facing is, that some users are not asked which Microsoft account they want to use in GP when they ...

MStork by L0 Member
  • 7519 Views
  • 3 replies
  • 0 Likes

FIPS mode in Azure Government

Has anyone been successful in converting their VM-series appliances running in Azure Government to FIPS-CC mode? The SSH keys I created and allowed for FW management prior to the conversion were wiped out and resetting the keys via the Azure portal doesn't work (although the agent is running). I cannot get into the GUI either since admin is not ...

cl625410 by L0 Member
  • 3998 Views
  • 1 replies
  • 0 Likes

Cross region ingress packet inspection with Palo Alto GWLB and TGW

Hello there, Currently doing POC and deployed a VM-Series with AWS Gateway Load Balancer/TGW mentioned here. I was able to inspect the inbound traffic as my security VPC (TGW/GWLB/VMSeries) and Spokes VPC (Application) are in the same region. Any idea how can I route my traffic for inbound inspection if my spokes VPC is different region tha...

ali_h3n by L0 Member
  • 4392 Views
  • 0 replies
  • 2 Likes

Timeout for some connections using GWLB

Hi All, Has anyone else had a play with the GWLB on AWS? I've here a topology hub and spoke based on this link: https://aws.amazon.com/pt/blogs/networking-and-content-delivery/centralized-inspection-architecture-with-aws-gateway-load-balancer-and-aws-transit-gateway/ But, some lambdas in the spoke are with timeout to connect to Internet. The firewal...

Resolved! NGFW HA on AWS with different AZ

Hi All, I want to configure Active/Passive HA on AWS, but both the PA-Instance should be in different AZ. How can we achieve this? I have referred below article: https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/high-availability-for-vm-series-firewall-on-aws/configure-activepassive-ha-on-aw...

Azure Network Watcher

Hello, I want to do a packet capture on a VM interface using Network Watcher for some traffic on our VM-300 series NGFW but our CSP advises this is not possible. The extensions section in Azure seems to confirm this. Can anyone advise if this feature is available? We are having issues with a flow of traffic not being received at the far end b...

Public IPs with NAT in IPSEC

I've got a rather bizarre setup that I'm trying to integrate with a new customer using a vm-series 300 in AWS. I have setup and established an IPSEC tunnel (that even comes up when we attempt to send traffic over the tunnel). Where it gets complicated is that their expectation is that we NAT all traffic using public IPs and send the traffic thr...

Inbound Traffic to Azure Public Load Balancer

I've become stuck on an issue getting inbound traffic working to a resource in a subscriber VNET behind a transit VNET where firewalls are configured. I think I'm missing something obvious, and thought I would bounce ideas off of the community here. Here's a summary of the configurations relevant. Public Load Balancer listens on public IP 1.2.3....

dashnet by L0 Member
  • 7411 Views
  • 2 replies
  • 0 Likes

Azure LB Static Route and IPSEC failover

I am having the attached topology. I have two IPsec tunnels from two VM-Series Palo Alto firewalls to the same peer IP which is in Prisma Cloud. On the trust side I have an Azure load balancer which would send traffic to 2 firewalls and having a health probe as SSH to the firewalls. My requirement is to remove the red static route towards Azure LB when the green st...

Zone Protection profile pushed from Panorama to VM-100 in Azure

Hi all, I am having recurring issues deploying zone protection profiles for VM series firewalls in Azure, from Panorama templates, revolving around SCTP settings, whenever I try to push the template the commits are failing with the below error - Details:. Validation Error:. network -> profiles -> zone-protection-profile -> Untrusted_Zon...

Does the HA Passive PA-VM Firewall forward the logs to syslog server

Team, We have the pair of PA-VM deployed in HA A-P mode. The log-forwarding facility is enabled and the logs are being forwarded to the external Syslog-Server. It is noticed that the Passive node is not sending any logs to the Syslog-Server. Only the Active node is sending the logs. I am trying to understand that all the configurations are ident...

VM firewall HA on AWS

Hello, We need to deploy two VM series firewalls on AWS cloud in HA. Both firewalls will be in different AZ. I have below questions - 1. Is it possible to do such configuration? 2. If yes, please share any reference guide? Thank you in advance

BK0007 by L2 Linker
  • 2323 Views
  • 1 replies
  • 0 Likes

Azure Network Watcher VM extension?

Hello... is it possible to install that Azure Network Watcher VM extension to enable traces and packet captures from the PA VM to the Azure gateway? It would be handy to help troubleshoot connectivity issues between the PA and the GW. Thank you.

eosminer by L1 Bithead
  • 7506 Views
  • 4 replies
  • 0 Likes

ESXI Server - Inside Host is on Same Port Group as Palo Alto FW Inside Interface and Pings are failing from all inside hosts

I have an ESXI Server with firewall (Inside, DMZ and Outside) zones. Palo Alto has a rule to allow interzone traffic from inside to outside. Palo Alto has NAT configured for Outside Interface. When I try to ping from host to host in the same port group...all is good. When I try to ping to the Inside Firewall Interface, the ping times out..."De...

ETate by L1 Bithead
  • 2404 Views
  • 1 replies
  • 0 Likes

problems to configure internal load balancer on GCP

Hi team, we are working in a lab environment, following the recommended architecture manual: https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/guides/gcp-shared-vcp-deployment-guide We have followed the procedure, but we have been experiencing issues on the GCP internal load balancer deployment...

AJuarez by L0 Member
  • 3252 Views
  • 2 replies
  • 0 Likes
  • 709 Posts
  • 107 Subscriptions