Global Protect behind Azure load balancer without NAT

I have a PAYG VM-300 behind an Azure standard SKU load balancer with NSG opened up. I used this first to test the management interface and could load balance this. However when I try this on the Global protect it fails. 

I have a default virtual route

10G Threat Prevention on VM-Series?

Is there any roadmap to supporting 10G of threat prevention on vm-series? The VM-700 currently only support up to 8G?

Routing challenges in Oracle cloud to forward traffic towards palo alto support

We are in process to setup palo alto(with HA) in Oracle cloud. 

Unable to route traffic towards PA VM if source subnet is in same VCN as trust Subnet(interface) of paloalto firewall.

if someone can help that will really appreciated. 

AWS VM-100 (2 VCPU limit) on M4/M5.xlarge (4 VCPU onboard) - wasted VCPU?

Hello Experts,

Please help to understand what happens when one runs AWS VM-100 (2 VCPU limit) on M4.xlarge or M5.xlarge (4 VCPU onboard).

It works fine. But it seems like two of four VCPUs are staying idle in such setup. Would you agree?

I tried to use

VM-300 BGP ECMP Performance?

Hello,

I was wondering if anyone has any experience or knowledge regarding the performance impact of enabling ECMP for BGP on the VM-300 series appliance in Azure. Documentation stated that there is an impact to performance as the overhead associated

I cannot login to panorama in azure after downgrade from version 10.0 to 9.1.5.

Hello

I deployed the panorama(version10.0) in my azure environment.
After setting up, I realized that I must downgrade to version 9.1.5 due to several reasons.
Therefore I tried downgrade with this manual site( https://docs.paloaltonetworks.com/panorama

Routing the return traffic for on Prem network through Expressroute

We have 2 Palo alto firewalls in Azure using the so called 'load balancer sandwich.'  In addition we have a Microsoft ExpressRoute for connectivity to our on prem network.   Currently our Expressroute traffic goes around the Palos but the intent is t

PA VM - Active/Passive on Azure availability set

I have few firewalls in active/Passive HA and few more to built. I'm not using Loadbalancer / App gateway to load blance traffic between firewalls. 

Can I use availability set and place the HA members on respective fault and update domain.

   ex FW1 Up

PA vnet/subnet question

I'm trying to create a PA to handle a few internet facing DMZ zones and also to be the default route when a app needs to go outside

So it would have untrust/trust/mgmt and a few dmz L3 interfaces

So it seems I have 2 options for deployments

One big vn

AWS PANs trying to create CloudWatch log groups

I'm not looking to monitor Palo Alto metrics using CloudWatch but need to push logs from the firewall to CloudWatch logs.

We can see in cloudtrail that the PANs are trying to create CloudWatch log groups, but aren’t allowed to.

I found this article t

AWS PANs trying to create CloudWatch log groups

We can see in cloudtrail that the PANs are trying to create CloudWatch log groups, but aren’t allowed to.

I found this article talking about granting it access to create log groups, but we don’t actually want it to be creating logs if we can help it.

ALBv2 Scaling Questions

I am trying to use this:

https://github.com/PaloAltoNetworks/aws-elb-autoscaling/tree/master/Version-2.0 for setting up a PoC.

I went through the docs and was able to get a pair of PANFW running with some changes to the IAM roles required as per the