VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3528 Views
  • 0 replies
  • 0 Likes

SSH certificate authentication

Hi, I wanted to know if it is possible to require SSH certificate authentication as opposed to password authentication when doing an SSH login into Azure-hosted VM-Series virtual firewalls? If this is possible, where can I find documentation that addresses this? I'm looking to improve security as certificate auth is orders of magnitude better tha...

Resolved! AWS PAN-OS 11 Interfaces never become active

I'm trying to bring up a new PAN-OS 11.1 instance in AWS, installed from aws-marketplace/PA-VM-AWS-11.1.0-f1260463-68e1-4bfb-bf2e-075c2664c1d7. I am able to reach the management IP address; both SSH and the web UI are working. However, the two intended network interfaces never appear in "show interface all" nor in the UI Network > Interfaces ...

DGentry by L1 Bithead
  • 7159 Views
  • 4 replies
  • 1 Likes

Source NAT (DIP or DIPP) using a pool of addresses

I want to use source NAT going outbound across a pool of addresses. Is it possible to do distribution across the pool of addresses in round-robin fashion? In my testing with initiating connections from a single host, it is persisting with the same source nat address on egress. I want it to differentiate the source NAT address per TCP socket o...

AWS IPSec tunnel active/active HA with BGP

Looking for some help here. I have an ongoing case with support concerning AWS tunnel issues. My production FWs are active/active but not in sync. Just always been that way, it's the way I inherited it. I have 4 tunnels to AWS (2 on each FW) BGP all works fine but if I reboot one FW when it comes back it blows up all the tunnels. So support...

jdemares by L1 Bithead
  • 3253 Views
  • 1 replies
  • 0 Likes

VM-Series sizing on AWS and Azure

Hello experts, I plan to implement VM FW on AWS and Azure. I have gone through the credit calculator https://www.paloaltonetworks.com/resources/tools/ngfw-credits-estimator Just wondering how many vCPUs are required. Apart from throughput, CDSS and number of GW, what else should I take into consideration, more specifically the requirement on the cloud plat...

vm-series on Azure with hyperthreading disabled

By default VMs on Azure will run with hyperthreading enabled. It seems possible to run with hyperthreading disabled on Azure, and running vm-series with hyperthreading disabled is in fact recommended on other virtualization platforms. Is anyone running vm-series on Azure with hyperthreading disabled? It seems to me that the way vm-series is de...

frigault by L1 Bithead
  • 801 Views
  • 0 replies
  • 0 Likes

AVD VMs Unavailable When Traffic Passes Through Palo Alto Firewall

Hi All, We’re facing an issue where AVD VMs show as unavailable when routed through the Palo Alto firewall. Required URLs and services are already whitelisted as per Microsoft documentation. Even with an ANY-ANY rule and no security profiles, the issue persists. Microsoft’s AVD and networking teams suspect the firewall, as things work fine when ...

Unable to connect log collector to panorama

I have a panorama VM running on Azure, I am currently trying to bring up some log collector VMs also on azure to handle the logs of my firewalls. I have been able to deploy the log collectors, but when I add the log collector to the panorama through the "Managed collectors" section, I do not get any connection status, the connection status is ju...

PANW aws vm-series ipsec tunnel ip /30 Tunnel interface

Question on aws vm series ipsec tunnel ip /30 Tunnel interface Hello Livecommunity, how is it going? I hope it's going well. I have a doubt, thinking in vmseries on Amazon, where from the virtual stick arme several ipsec tunnels site to site either onprem or towards on prem or not, thinking in the typical network /30 for what is the tunnel ...

Metgatz by L4 Transporter
  • 2688 Views
  • 0 replies
  • 0 Likes

Firewalls in Active Active using Azure Internal Load balancer

Hi, we have deployed Palo-alto firewalls on Azure and a Standard Internal Load Balancer with single front-end IP and single backend pool, does LB maintain session state if - (1) communication is sourced from Azure VNET destined to On-premise ? (2) communication is sourced from On-premise destined to Azure VNET ? We don't have a Virtual Network...

Palo Alto VM-Series in Azure DMZ - AVS

Okay, see if I can word this as best as possible. I made up the network IP addresses for this diagram. We are in the process of migrating one of our on-prem DCs to the Azure public Cloud. The obstacle we are facing is with how the DMZ will look and work, specifically with the DMZ network in AVS. - Current design is using the dedicated inbound option ...

IPSec Tunnel is up but not passing traffic (On-Prem to Azure Palo Alto VM)

Hi guys. GOAL: I have an office in India with several users. They need to access a server in Azure that sits behind Virtual PA using Global Protect. I have successfully set up an IPSec Tunnel between my On-prem PA and an Azure PA, however, I am not passing any traffic in either direction. I suspect I might be over simplifying this deployment. I cho...

PAN OS 11.1.6 AWS GWLB Bug

Hi All, Just an informative post. There is an unreleased bug in PAN OS 11.1.6 which causes the source username to be displayed as junk values in the traffic logs, which has an impact on any firewall rules that rely on user/groups for authorization. It appears it only affects vm-series firewalls that are behind an AWS GWLB. TAC estimates the fix...

  • 709 Posts
  • 107 Subscriptions