VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3503 Views
  • 0 replies
  • 0 Likes

IBM Cloud - can't bind a public IP to any other interface except eth0

We are trying to deploy a Palo VM series in the IBM Cloud. We found that we can only attach a public IP to the management interface (eth0). If we try to bind another public IP to, say, eth1, we get a message saying "public IP already attached to this vm". Can someone tell me if this is a license thing, or a limitation of the Palo VM for ...

sneffCO by L0 Member
  • 2206 Views
  • 0 replies
  • 0 Likes

Inbound traffic AWS

I'm deploying two Palo Alto firewalls in AWS per the reference architecture. I have deployed a dedicated security/appliance VPC using the Centralized design model. Outbound Internet is working for my spoke/application VPCs. For inbound Internet access I'm using the Combined design, but I didn't use an ALB. My inbound traffic makes it to the Palos...

Broker VM on Hyper-V boots into grub rescue

Hi, we wanted to deploy the downloaded Broker VM image (VHD file) to our Hyper-V infrastructure. When I boot the VM it immediately enters grub rescue with the error: file '/boot/grub/i386-pc/normal.mod' not found. Any ideas what the problem could be? Regards, Philipp

Philipp by L0 Member
  • 1892 Views
  • 0 replies
  • 0 Likes

Terminal Services Agent (TSAgent) for Azure Windows Virtual Desktop?

Has anyone tried, or does anyone know the compatibility / support status of TSAgent on Microsoft's Windows 10 WVD capability in Azure? We're using it at the moment and are also looking to add user-id to the Palo Alto setup but wanted to check the status of support for the TSAgent into it as it is a Microsoft-Azure-only Windows 10 multi-user setup (as oppos...

Firewall forwarding log to Private IP of Panorama --- failing - (AWS - VM series)

I have a Panorama managing firewalls (in a different region, subscription), latched via public IP. The firewalls are set to forward logs to Panorama. Unfortunately, the firewalls are forwarding logs to the private IP address (which is failing because of no connectivity). How can I force log forwarding to use Panorama's public IP address? I have alr...

Resolved! Connectivity issue during failover test

We have three VPCs and Transit Gateway along with Gateway Load Balancer deployed. Two VM series deployed in two AZs and we have test VPC that spans in three AZs Gateway Both FW registered in Target Group of Load Balancer using IP address. When FW are deployed interface swap is not used. Routes are configured as network diagram. I can ping from t...


Panorama (on EC2) config export to S3 (AWS)

I am designing a config backup architecture for all the devices managed by Panorama (in AWS Cloud EC2), dumping the device configurations to an S3 bucket. Is there anything natively present on this VM-series to utilize for this? ++@jmeurer, @BPry, @Warby -- any pointers?

Resolved! How to use Serial Console / EC2 connect in AWS

Hi All, Workstation (Dynamic Public IP) -> Used to access Panorama mgmt interface (mgmt interface is allowing only that workstation IP). The management interface of my Panorama is configured to allow only one particular IP. Now since that workstation has got a new IP, we cannot connect to the Panorama VM in AWS any more. Is there a possibilit...

Resolved! accessing a new Palo Alto firewall in the AWS.

Team, it has been some days that we got our virtual Palo Alto in the AWS and were able to change password using the initial access and the ppk file. However, due to some issues we had to get another firewall provisioned and I am unable to recreate the steps we had done earlier. After the instance is provisioned we downloaded the .pem file, cover...

nson2139 by L3 Networker
  • 9320 Views
  • 5 replies
  • 0 Likes

AZURE ILB healthcheck Fails because of MS Public IP (168.63.129.16)

Hello, I'm setting an Active/Active PA design with Azure ILB for traffic balancing, my backends are PA firewalls on each of their interfaces (I'm using 6 interfaces). Azure ILB uses the same Public IP to monitor health status of all the backends: https://docs.microsoft.com/fr-fr/azure/virtual-network/what-is-ip-address-168-63-129-16 The probing fai...

Can we advertise an IP of /32 from Palo Alto firewall to TG (Transit gateway) of AWS via BGP route advertisement

A loopback is configured on a router at a HUB site and we want to ping the IP of an instance in VPC-1. We are advertising the loopback IP (/32) from the HUB site as shown in the above diagram. Loopback will be advertised from Hub site to TG (Transit gateway in AWS) via BGP, then this will be advertised from TG to Palo Alto firewall. Again from P...


Azure VNET peering

We are going with hub and spoke model, PA being the hub. When we peer a spoke VNET with the hub, do the subnets in the peered spoke also go through intrazone rules? Spoke-vnet - (subnet1, subnet2). Would subnet1 <> subnet2 communication pass through intrazone rules, or is the whole spoke-net seen as one large routed subnet?

raji_toor by L4 Transporter
  • 3503 Views
  • 1 replies
  • 0 Likes

SSL Decryption Inbound Inspection

On AWS we have deployed an Application Load Balancer after the firewall. Can we configure SSL inbound inspection in this case? Will it work properly, and which certificate do we have to import on the firewall: the server certificate or the ALB certificate?

  • 704 Posts
  • 107 Subscriptions