VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.

Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3504 Views
  • 0 replies
  • 0 Likes

Site to site VPN tunnel in Azure

We need to build a site-to-site tunnel between on-premises and Azure cloud, so we are planning to use a Palo Alto firewall in Azure. Since we have a requirement to hide the VNET subnet in the cloud as well as the on-premises subnets from each other while sending traffic between them, can we configure port address translation?

VM-Series High Availability on ESXi?

Hi there, I am really new to network virtualization. I want to ask about high availability in Palo Alto VM-Series. We are going to buy two VM-200 (1 for Internal, 1 for External) and will install them on ESXi. I want to ask for your advice. 1. Should I buy another two VM-200 for the redundancy? 2. Or let the vSphere (HA or FT, I don't know which one shoul...

Palo Alto 10.0 firewall in HA in Azure

Hi, we are trying to test the VM-Series firewall in HA without a load balancer, following the documentation listed on the PA website. Can someone confirm if the document is well tested? We are seeing issues in connectivity, and the template for the secondary firewall is not clearly identified. Please let me know if there is any working template for HA. Also...

Azure InterfaceEndpoint Routes Bypassing Palo Alto Firewall

Situation: Deployed two Palo Alto VM firewalls in Azure in a 'Transit VNet' following the Palo Alto Networks design, https://www.paloaltonetworks.com/resources/reference-architectures/azure. When you peer a VNet to the Transit VNet, the remote VNet’s network is learned in all of the routing tables on the Transit VNet. To force traffic to ta...


Panorama network and device templates not syncing to firewall

Hello, We are trying to set up a new deployment in AWS consisting of two firewalls managed by a Panorama server. For starters, we deployed one firewall and one Panorama instance. They are in the same VPC, different subnets. Security groups currently allow all TCP to/from the Panorama server and the firewall. Both Panorama and the firewall have ...

PA-VM8.1.0 Initial Password Not Working

Hello, I installed PA-VM8.1.0-KVM-8.1.0.qcow2 in my GNS3 lab and the username/password admin/admin is not working. Is there another username/password I can try? I also loaded PA-VM8.1.0-KVM-8.0.0.qcow2 and PA-VM7.1.0-KVM-8.1.0.qcow2 and the username/password admin/admin does not work for those either.

mwaldrep by L0 Member
  • 4783 Views
  • 1 replies
  • 0 Likes

GlobalProtect pre-login prompts when multiple certificates available, after login

We have user and computer certificates as an option so we can use pre-login. It works great, but our computers have multiple user and multiple computer certificates, which causes GlobalProtect to pop up after login asking to select one. The user has to pick their own user certificate at least once and the computer certificate at least once before...

real client IP in VM series firewall in GCP cloud

Hi Members, I have a setup in GCP cloud wherein I have to deploy a set of VM-Series Palo firewalls between the load balancer and real servers. The problem is I need to know the exact IP address of the client, whereas if you look in the firewall logs, you will only see the IP address subnet of the external load balancer. Can anyone help me on this? Thanks...

Cannot route any traffic to my internal VNETs unless the incoming traffic is source NATed to the internal interfaces

Hello everyone, I am new to the Palo Azure environment. I have everything set up with 4 Palo VM instances between an external and internal load balancer. I am having an issue with NAT where traffic from the outside will not route to my internal VNETs unless it is first Source NATed to the internal interfaces of the firewalls. The source IP nee...

VMs cannot access the Internet

Hello, Hope I get some direction/solution here. VM (10.9.8.4) can ping trusted interface (10.8.130.4) of PA but with packet loss!!! However, tracert 8.8.8.8 does not show the trusted interface as next hop....request timed out. Cannot go to the Internet. All NSG set to allowed. PA has the most basic config at this stage with Allow All Policy. Tr...

AWS VM-series - untrust interface - eating packets

Hi Guys, I am working on inbound (from the internet) flow on the VM-series untrust interface directly. Setup: VM-series FW with 3 interfaces (Mgmt, Untrust, Trust). Client -> Internet GW -> EIP -> Firewall untrust interface - eth1/1 -> (SNAT - eth1/2; DNAT - Server private IP) -> Server. In the monitor log, I can see the SNAT &...

Resolved! No traffic between VMs and PA in Azure

Hi there, we have deployed PA-VM in Azure and there are 4 other VMs within the same VNet. There are NSGs on each interface of the PA (mgmt, trusted, untrusted) and also on the VMs. There is an allowed-all rule in the PA with intrazone default rule logging enabled. Ping is also enabled. There is no switch or other device between the VMs and PA. Routing ...

Azure to Azure - IPSec

Scenario: Two separate companies, each has their own Azure infrastructure. Both companies have VNETs with ExpressRoute back to on-premise MPLS. Both have Palo Alto VM-Series firewalls in hub and spoke design on these Azure VNETs. Peering is not an option due to route advertisement limitations when using ExpressRoute from two locations. Question: Is...

Alastair by L0 Member
  • 2054 Views
  • 0 replies
  • 0 Likes
  • 704 Posts
  • 107 Subscriptions