VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3526 Views
  • 0 replies
  • 0 Likes

VM-300 BGP ECMP Performance?

Hello, I was wondering if anyone has any experience or knowledge regarding the performance impact of enabling ECMP for BGP on the VM-300 series appliance in Azure. Documentation stated that there is an impact to performance as the overhead associated is processed via software vs hardware, but no metrics were provided with that statement. Some in...

Resolved! Panorama HA (Active/Standby) Deployment in Azure

Hello, our company has opted to deploy Panorama and Palo Alto Firewalls in our Azure. I am planning to deploy Panorama in HA (Active/Standby) in Panorama mode in our Azure. I have some questions and hoping you guys can help me. I am using the below System Requirements: System Disk: 1 x 256 GB (Premium SSD) CPU’s: 16 Memory: 64 GB Logging Disks: 2TBA...

I cannot login to panorama in azure after downgrade from version 10.0 to 9.1.5.

Hello, I deployed the Panorama (version 10.0) in my Azure environment. After setting up, I realized that I must downgrade to version 9.1.5 due to several reasons. Therefore I tried to downgrade with this manual site ( https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/troubleshooting/downgrade-from-panorama-10-0.html ). It seems panorama is down...

Routing the return traffic for on Prem network through Expressroute

We have 2 Palo alto firewalls in Azure using the so called 'load balancer sandwich.' In addition we have a Microsoft ExpressRoute for connectivity to our on prem network. Currently our Expressroute traffic goes around the Palos but the intent is to have the expressroute traffic also go through the Palos. So if I create a UDR for one of the...

Resolved! Panorama in Azure is not detecting the attached logging disks

Hello I deployed Panorama in Azure. I attached a 2TB data disk as a logging disk for the Panorama VM but when I go to Panorama CLI and run the command "show system disk details" it says "No Disks available". I found the below article in the knowledge base and tried the resolution 2 but it's still the same. Does anyone know how can I fix this pro...

PA VM - Active/Passive on Azure availability set

I have a few firewalls in Active/Passive HA and a few more to build. I'm not using a load balancer / App gateway to load balance traffic between firewalls. Can I use an availability set and place the HA members on respective fault and update domains? Ex. FW1 Update domain: 0 Fault domain: 0 FW2 Update domain: 1 Fault domain: 1 Couldn't find any docum...

PA vnet/subnet question

I'm trying to create a PA to handle a few internet facing DMZ zones and also to be the default route when an app needs to go outside. So it would have untrust/trust/mgmt and a few dmz L3 interfaces. So it seems I have 2 options for deployments: One big vnet for the PA. Carved subnets would be the PA L3 interfaces. Also the carved subnets, applications w...

AWS PANs trying to create CloudWatch log groups

I'm not looking to monitor Palo Alto metrics using CloudWatch but need to push logs from the firewall to CloudWatch logs. We can see in cloudtrail that the PANs are trying to create CloudWatch log groups, but aren’t allowed to. I found this article talking about granting it access to create log groups, but we don’t actually want it to be creatin...

AWS PANs trying to create CloudWatch log groups

We can see in CloudTrail that the PANs are trying to create CloudWatch log groups, but aren’t allowed to. I found this article talking about granting it access to create log groups, but we don’t actually want it to be creating logs if we can help it. https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewal...

ALBv2 Scaling Questions

I am trying to use this: https://github.com/PaloAltoNetworks/aws-elb-autoscaling/tree/master/Version-2.0 for setting up a PoC. I went through the docs and was able to get a pair of PANFW running with some changes to the IAM roles required as per the cloud formation templates. The ALB (ELBv2) is exposed on port 80 on the frontend. But ALB seems to...

ELBv2 Scaling Questions

I am trying to use https://github.com/PaloAltoNetworks/aws-elb-autoscaling/tree/master/Version-2.0 for setting up a PoC. I went through the docs and was able to get a pair of PANFW running with some changes to the IAM roles required as per the cloud formation templates. The ALB (ELBv2) is exposed on port 80 on the frontend. But ALB seems to prob...

AWS Transit VPC CloudFormation

Can anyone assist with this CF Template? https://github.com/PaloAltoNetworks/aws-transit-vpc It is outdated, and I can't figure out why it's getting hung up. First the AMI was old, so I updated that to 9.1, now it's created one PA in the transit VPC, but I can't login (password is wrong) so I'm guessing the bootstrap config (which I am just using...

PA firewall traffic to AWS API gateway

Planning to secure AWS infra using a VM firewall Palo Alto. Main AWS components are API Gateway & Lambda. Traffic from external network (public) comes to API gateway and to Lambda. Is it possible to route incoming traffic via PA firewall to API gateway?

GlobalProtect --- Use machine certificate or a user certificate (without specifying Username Field)

Hi, I'm busy setting up GlobalProtect for a client, and already have LDAP authentication working. However the client requires a second factor for the authentication and went with certificates because they have an internal PKI. I've been trying to configure this to use machine certificates, so that only corporate machines would have access. I've ...

  • 709 Posts
  • 107 Subscriptions