VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3503 Views
  • 0 replies
  • 0 Likes

vm-series on Azure with hyperthreading disabled

By default VMs on Azure will run with hyperthreading enabled. It seems possible to run with hyperthreading disabled on Azure, and running vm-series with hyperthreading disabled is in fact recommended on other virtualization platforms. Is anyone running vm-series on Azure with hyperthreading disabled? It seems to me that the way vm-series is de...

frigault by L1 Bithead
  • 766 Views
  • 0 replies
  • 0 Likes

AVD VMs Unavailable When Traffic Passes Through Palo Alto Firewall

Hi All, We’re facing an issue where AVD VMs show as unavailable when routed through the Palo Alto firewall. Required URLs and services are already whitelisted as per Microsoft documentation. Even with an ANY-ANY rule and no security profiles, the issue persists. Microsoft’s AVD and networking teams suspect the firewall, as things work fine when ...

Unable to connect log collector to panorama

I have a panorama VM running on Azure, I am currently trying to bring up some log collector VMs also on azure to handle the logs of my firewalls. I have been able to deploy the log collectors, but when I add the log collector to the panorama through the "Managed collectors" section, I do not get any connection status, the connection status is ju...

PANW aws vm-series ipsec tunnel ip /30 Tunnel interface

Question on aws vm series ipsec tunnel ip /30 Tunnel interface Hello Livecommunity, how is it going? I hope it's going well. I have a doubt, thinking in vmseries on Amazon, where from the virtual stick arme several ipsec tunnels site to site either onprem or towards on prem or not, thinking in the typical network /30 for what is the tunnel ...

Metgatz by L4 Transporter
  • 2651 Views
  • 0 replies
  • 0 Likes

Firewalls in Active Active using Azure Internal Load balancer

Hi, we have deployed Palo-alto firewalls on Azure and a Standard Internal Load Balancer with single front-end IP and single backend pool, does LB maintain session state if - (1) communication is sourced from Azure VNET destined to On-premise ? (2) communication is sourced from On-premise destined to Azure VNET ? We don't have a Virtual Network...

Palo Alto VM-Series in Azure DMZ - AVS

Okay see if I can word this as best as possible. I made up the network IP addresses for this diagram. We are in the progress of migrating one of our on-prem DC to the Azure public Cloud. Obstacle we are facing is with how the DMZ will look and work specifically with DMZ network in AVS. - Current design is using the dedicated inbound option ...

IPSec Tunnel is up but not passing traffic (On-Prem to Azure Palo Alto VM)

Hi guys. GOAL: I have an office in India with several users. They need to access a server in Azure that sits behind Virtual PA using Global Protect. I have successfully set up an IPSec Tunnel between my On-prem PA and an Azure PA, however, I am not passing any traffic in either direction. I suspect I might be over simplifying this deployment. I cho...


PAN OS 11.1.6 AWS GWLB Bug

Hi All, Just an informative post. There is an unreleased bug in PAN OS 11.1.6 which causes the source username to be displayed as junk values in the traffic logs, which has an impact on any firewall rules that rely on user/groups for authorization. It appears it only affects vm-series firewalls that are behind an AWS GWLB. TAC estimates the fix...

AWS GWLB Target Failover setting

Somewhat of a silly question. Have a GWLB configured with 2 vm-series firewalls as targets (1 fw in us-east-1a and the other in us-east-1b). Under the target group configuration, there is a recommended setting to be enabled for Target Failover (screenshot below) Would I be correct in saying the only way to enable this option and have i...


Resolved! PaloAlto Firewall Firmware Upgrade (Not using Panorama)

Hi Guys, I have a query regarding VM Series Palo alto Firmware Upgrade. If I want to upgrade from 11.0.4 series to 11.1.6 series, do I need to download and install 11.1 major release or I just have to download the 11.1 Major Update and then directly download and install 11.1.x version. NEED YOUR EXPERT ADVICE.

KishorTP by L1 Bithead
  • 2725 Views
  • 4 replies
  • 0 Likes

Resolved! Azure deployment: why SNAT is not needed for E/W traffic?

I've been checking the official Azure deployment guide, section Deploying Outbound and East-West Security. https://www.paloaltonetworks.com/resources/guides/azure-transit-vnet-deployment-guide What I don't understand is why SNAT is not required for E/W traffic while it is required for inbound traffic. What makes LB use the same FW for return tr...

santonic by L6 Presenter
  • 2010 Views
  • 1 replies
  • 0 Likes

Resolved! AWS VM-Series Virtual Bundle1 Health Check issue with Gateway Load Balancer

I am following the video https://www.youtube.com/watch?v=c28ZwlhCIWE to implement a Centralized design using Bundle1. However, I am getting a health check issue for the GWLB. I capture packets on the firewall and can see packets from the GWLB (10.100.0.94) to the FW (10.100.0.89), but no response. Target group always times out to get a response. I...

KimSiah by L1 Bithead
  • 4471 Views
  • 2 replies
  • 0 Likes