This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Start a conversation

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3501 Views
  • 0 replies
  • 0 Likes

Express Route connection Palo Alto VM Firewall in Azure

Hello All Our Company has opted to deploy Palo Alto Firewall (VM 500 Series) in our Azure environment. One of my requirements is to establish connection between this Palo Alto Firewall and the Express Route Gateway in Azure. I would like to know if anyone here is able to setup this? if so, can you please tell me how to do so?

Azure NGFW active-active HA and Panorama requirements

Hi, we're currently evaluating the use of NGFW's for a new Azure deployment. Ideally, we need to deploy NGFW in an active-active HA pattern behind an Azure internal load balancer. The documentation appears to state that Panorama is required to support this configuration. Is this a hard requirement? Is it possible to enable active-active with Con...

Ultimate Test Drive (UTD) - Get “Hands On” With the VM-Series on AWS

As we continue with our efforts to improve and enhance the public cloud UTDs, a new version of AWS UTD focused on VM-Series ML-Powered NGFW in AWS is now available. In the latest AWS UTD version, attendees will receive temporary credentials to access the AWS console and launch a two-tiered environment with the latest VM-Series NGFW. We have also...

utd-aws-topology.png
rsingh by L3 Networker
  • 3658 Views
  • 0 replies
  • 1 Likes

VNET Transit Deployment Guide with Express Route - GatewaySubnet UDR error

Hello, In order to integrate the Palo Alto Azure VM Series solution into my hub and spoke architecture, I followed the steps described in the deployment guide "azure-transit-vnet-deployment-guide-common-firewall-option.pdf" . Having already active Express Route connectivity I am stuck in section "13.1 - Configure Azure User-Defined Routes". I ha...

misterxiao_1-1598350653374.png
misterxiao_2-1598350780862.png
misterxiao_3-1598351070531.png

GCP IPsec VPN HA

Dear all, I would like to know how to establish a redundant IPsec VPN connection to a redundant VM-500 (not cluster) deployed in GCP. Should we use GCP Load balancer with external IP and load balance to a single PAN? If so the GCP network LB does not perform DNAT to the Palo Alto so the PAN will receive the public IP as destination in IP packet....

Monitoring interface traffic with SNMP

Using physical PA boxes, this works fine. However, with the VM version (at least in Azure) it does not. Only the mgmt interface shows any traffic when reading interface statistics through SNMP. Is this a known issue? ethernet1/1 is the untrusted interface and I'd like to chart utilization of it, but it just stays 0. IF-MIB::ifInOctets.1 = Cou...

VM Series in Paas environment

HelloWe are currently investigating if we can have any benefit deploying Palo Alto VM series firewall in our Azure Paas environment.We are looking to increase visibility mainly for traffic towards some of our public facing applications through the AG as well as traffic towards our on-prem environment. I understand there a hub and spoke design w...

KarimSN by L1 Bithead
  • 2507 Views
  • 0 replies
  • 0 Likes

Site to Site VPN between AWS transit GW and PA FW in AWS

Hello First time posting and looking for help on solution ............i have a PA fw in AWS and i am attempting to setup a VPN to AWS transit GW.FW set up with ÖUTSIDE int using DHCP and and EIP attached ... AWS TGW (VPN) -------------------------------------------------AWS(single FW with DHCP)52.x.x.x ------------------------------------------...

how to assign same floating ip to multiple network interfaces on Azure?

Hi,I spun 2 PA VM-Series on Azure cloud. Both firewalls are up and running with HA but when I try to assign floating ip on public and private interfaces of firewall VMs as a secondary ip, I can do it on primary VM only. When I try to assign the same floating ip on secondary VM it gives me an error that ip already exists on primary VM. How do I a...

ZuberP by L0 Member
  • 4266 Views
  • 2 replies
  • 0 Likes

Resolved! PA cannot get update and cannot get internet access

HI,I deployed PA firewall in AWS. NAT is running in PA firewall and I am not using AWS NAT . Now the problem is all my hosts behind the PA firewall can access to internet by using PA NAT and pass through the PA firewall.But My firewall unreachable to internet. PA cannot ping 8.8.8.8 .My PA unreachable to paloalto site to get update.So I cannot g...

crypto by L2 Linker
  • 7841 Views
  • 3 replies
  • 0 Likes

Azure PA NVA lost IP address

I have a HA Pair of PAs in Azure, as of yesterday morning, the active PA NVA has lost its secondary IP addresses - it had two and both have disappeared. So i just have the dynamic one now which only has a private IP. This is configured via the Azure portal on the untrust NIC. Anyone come across this before or can guide on how i can find out w...

PA vm on Azure ipsec connection to in-premises PA firewall

Hi Team, we have a deployment VM—100 Series firewall in Azure. Two instances of the same deployed in VTransit architecture with common firewall option. We have Public load balancer for inbound traffic (in Floating IP mode) and Internal Load Balancer for outbound traffic. We want to know can we connect to on-premise DC with a VPN from VM-series...

  • 704 Posts
  • 107 Subscriptions
Latest Comments
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks