VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:
Rules and Best Practices
Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3502 Views
  • 0 replies
  • 0 Likes

DPDK mode in AWS

I see that we have SR-IOV and DPDK modes supported for Palo Alto in AWS and understand that DPDK is the preferred mode, which provides fast processing, so are there any specific situations where SR-IOV mode is preferred over DPDK?

BGP issue between On-prem PA and Azure via a site-to-site VPN

I am trying to set up an Azure site-to-site VPN with BGP. The IPsec tunnel came up successfully and I can ping from the PA BGP peer IP to the Azure BGP peer IP. However, the BGP session cannot be established. It gets stuck in connect state. I have been researching Azure VPN with BGP examples on the Internet but I could not find any example. PA BGP is compatible with A...

Azure Application for HA

Hi all, We are looking to set up a HA pair of 9.0 PAs in Azure as per guide below https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-on-azure/configure-activepassive-ha-for-vm-series-firewall-on-azure.html I have a query around the creation of the Azure AD application referenced in the above link, ...

Resolved! Ideas for On Demand NAT Allocation (AWS-Elastic IPs)

Hi, We are looking to start production in AWS and will be spinning up Hosts that need to have Ingress Traffic to Hosts on a TGW. I am looking to do the PAN AWS Sandwich (Good Idea?) for High Availability. But I need some ideas on how to quickly allocate and build NAT Rules as the operations team spins up new Hosts. I am thinking something might ...

Internet reachability

Hi, during my self-training on Palo Alto VM, I have faced an issue where I'm not able to ping the internet, but I am able to ping the next host on the same subnet (my PC).
Network connectivity:
VMnet1: inside interface
VMnet2: DMZ interface
Bridged: outside interface
VMnet0: Management interface
Config below:
Interface config
Next host pingable \ internet ...

No metrics in cloudwatch

Hello, I followed this guide https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/deploy-the-vm-series-firewall-on-aws/enable-cloudwatch-monitoring-on-the-vm-series-firewall.html for enabling the VM-Series custom metrics to CloudWatch. But I am not seeing the VMseries category appear in cloudwatc...

Muttley by L1 Bithead
  • 4124 Views
  • 1 replies
  • 0 Likes

Traffic logs missing on Palo Alto- Azure VM(PAN OS 8.1.9)

Today we had an issue when we could not log in to our Palo Alto. Reboot from Azure portal fixed the issue. When logged back in to Palo and checked traffic logs, found that traffic logs are missing before the VM was rebooted for almost 24 hours. There is nothing else in system logs which could help identify unauthorized access or issue. Could this be...

pKumari by L0 Member
  • 2699 Views
  • 0 replies
  • 0 Likes

PA with ELB and ILB in Azure

We have the below setup: internet -> ELB (public IP) -> VM-Series (2) -> ILB -> Web Servers. The 2 VM-Series firewalls are in the backend pool of both the ELB and ILB. The issue here is that the health probe IP for both ELB and ILB is 168.63.129.16, so health probes always fail for one of them. I can resolve this issue by having 2 VR. But my question is ...

Ansh.mi by L1 Bithead
  • 11958 Views
  • 6 replies
  • 0 Likes

AWS ALB/ALB Sandwich - Active/Active vm-series (9.0.5)

External ALB -> VM-series 300 -> Internal ALB -> server (listening on tcp/15000)
Having issues routing from external ALB to the server over port 15000?
Added listener port http:15000 on the ALB and forwarded it to the target group containing the firewall
Created destination NAT (untrusted to untrusted) on the firewall with source address...

AWS ALB/ALB Sandwich - issue with target group showing firewalls unhealthy (http - 80)

Configuration in AWS
External ALB -> VM-series 300 (in 2 AZ) -> Internal ALB -> webserver
The target group of the external ALB shows unhealthy for port http/80
External NLB -> VM-series 300 (in 2 AZ) -> Internal NLB -> webserver
The target group of the external NLB shows healthy for port tcp/80 consistently
Why is the external ALB...

Unable to get ssh key to work

Trying to spin up a firewall in the GCP environment but unable to get ssh key to work. Tried different keys including puttygen generated key. Also tried project metadata and instance metadata. Ex:
resource "google_compute_instance" "fw-region" {
  count = 2
  name = "fw-region-${count.index +1 }"
  can_ip_forward = true
  metadata = {
    ssh-keys = "admin:ssh-...

PaulPink by L0 Member
  • 3667 Views
  • 0 replies
  • 0 Likes

Resolved! AWS Availability Zones

For background, here is the scenario: Initially we were looking at a high availability setup with 2 VM appliances, however, there is a restriction to a single AZ in that approach because of how the “floating IP / ENI” works. However, this environment will span multiple AZ’s for redundancy and there is a published Palo Alto video on how they do t...

nrobison by L1 Bithead
  • 8985 Views
  • 3 replies
  • 0 Likes

Resolved! Can't get vr id(Module: dhcpd)

Hello, I have a Bundle 1 subscription. Following this https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/use-case-secure-the-ec2-instances-in-the-aws-cloud.html Once I configure the network to get DHCP, I get the error.. after commit Can't get vr id(Module: dhcpd) and I can't get past that. Th...

nronica by L1 Bithead
  • 21211 Views
  • 2 replies
  • 0 Likes