VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3527 Views
  • 0 replies
  • 0 Likes

AZURE ILB healthcheck Fails because of MS Public IP (168.63.129.16)

Hello, I'm setting an Active/Active PA design with Azure ILB for traffic balancing, my backends are PA firewalls on each of their interfaces (I'm using 6 interfaces). Azure ILB uses the same Public IP to monitor health status of all the backends https://docs.microsoft.com/fr-fr/azure/virtual-network/what-is-ip-address-168-63-129-16 The probing fai...

Can we advertise an IP of /32 from Palo Alto firewall to TG (Transit gateway) of AWS via BGP route advertisement

Loopback is configured on router at a HUB site and we want to ping the IP of an instance in VPC-1. We are advertising the loopback IP (/32) from HUB site as shown in the above diagram. Loopback will be advertised from Hub site to TG (Transit gateway in AWS) via BGP, then this will be advertised from TG to Palo Alto firewall. Again from P...

Azure VNET peering

We are going with hub and spoke model, PA being the hub. When we peer a spoke VNET with the hub, do the subnets in the peered spoke also go through intrazone rules? Spoke-vnet - (subnet1, subnet2). Would subnet1 <> subnet2 communication pass through intrazone rules or is the whole spoke-net seen as one large routed subnet?

raji_toor by L4 Transporter
  • 3527 Views
  • 1 replies
  • 0 Likes

SSL Decryption Inbound Inspection

On AWS we have deployed Application Load Balancer after firewall. Can we configure SSL inbound inspection in this case? Will it work properly, which certificate do we have to import on firewall, server certificate or ALB certificate?

Source and destination both NAT required for inbound connection on Azure...

Hi Team, On public cloud Azure, why do we need to translate source address also for Destination NAT? When I am translating source with trust interface IP it is working fine but when I am keeping the address as original it is not working. Kindly let me know is there any limitation on Public cloud for that we require source translation as well? Regard...

Strange issue- VM-Series Ext interface with Elastic IP in AWS not reachable. (outside test PC reachable)

I am trying to POC a scenario for my customer in AWS with dual Palo Alto in HA within same availability zone. (We need to build a site to Site VPN tunnel from on-Premises to AWS Palo behind IGW) I am facing a strange issue. I am not able to reach the outside Elastic IP address of Palo. (I am able to reach the public IP on Management interface). T...

Website is slow when put behind vm-series 300

We have deployed vm-series 300 in AWS recently and put our production site behind it, but we are seeing a performance degradation, the website is taking around 2-3 mins to load for the first time which normally it didn't take, we have not put any url filtering profiles yet but yes we do have some security and nat profiles in place (which normal I ...

Tariq87 by L1 Bithead
  • 11795 Views
  • 14 replies
  • 0 Likes

Cloud VM Series disconnecting from Panorama after commit & push

Hello, I had 2 VM-series firewalls running 10.0.3 in AWS which I had connected to my on-prem Panorama also running 10.0.3. All looked fine until I made a change to the security policy and executed a commit & push to the VMs. After this the Panorama commit status seemed to hang and then eventually came back with an error "job failed because of ...

IPSEC Tunnel to Azure - Odd pattern

We received a report of some connectivity issues with an IPSEC tunnel between a Palo 5220 (9.1.8) and Azure VNG. Looking at this deeper, we see an odd rekey pattern happening with the IPSEC Rekey. Every 4th rekey is a non-rekey and occurs short. Can anyone help us understand what could possibly be causing this? It's happening only on Azure VPN ...

Resolved! GWLB and Palo Alto Zones

I am building some PA VMs behind GWLB. I would like traffic between VPCs to flow through this GWLB and TGW, which appears to be possible, however I cannot find any documentation on how to separate these into different Zones within the Palo. I would like the Traffic from VPC A and VPC B to be mapped to different Palo Alto Zones. I was told...

PA-VM-01 can't ping to PA-AM-02 via External Interface.

Hi all, I am a new Palo Alto firewalls learner. I started the lab which has 2 PA-VMs directly connected (for the purpose of testing VPN site to site) but they can't ping each other, it is showing destination unreachable. I had tried to configure Interface management by allowing ping on both PAs but it's still not working, please help!! Thanks,

Chheang by L0 Member
  • 2576 Views
  • 1 replies
  • 0 Likes

Issue With adding Secondary IPs to Azure VM

Recently, we've been having an issue with assigning secondary IPs to our Azure PA VMs where if we add a new IP, it doesn't seem to apply until we add a second IP. After the 2nd IP is added, the first starts working but the 2nd doesn't work. The Palo interfaces are set to DHCP and IPs are assigned to the Azure NIC. Same issue on 3 firewalls in di...

Ash2k by L2 Linker
  • 3576 Views
  • 1 replies
  • 0 Likes