This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Start a conversation

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3529 Views
  • 0 replies
  • 0 Likes

AWS GWLB Target Failover setting

Somewhat of a silly question. Have a GWLB configured with 2 vm-series firewalls as targets (1 fw in us-east-1a and the other in us-east-1b). Under the target group configuration, there is a recommended setting to be enabled for Target Failover (screenshot below) Would I be correct in saying the only way to enable this option and have i...

securehops_0-1743794822128.png

Resolved! PaloAlto Firewall Firmware Upgrade (Not using Panorama)

Hi Guys,I have a query regarding VM Series Palo alto Firmware Upgrade.If I want to upgrade from 11.0.4 series to 11.1.6 series, Do I need to download and install 11.1 major release or I just have to download the 11.1 Major Update and then directly download and install 11.1.x version.NEED YOUR EXPERT ADVISE.

KishorTP by L1 Bithead
  • 2837 Views
  • 4 replies
  • 0 Likes

Resolved! Azure deployment: why SNAT is not needed for E/W traffic?

I've been checking the official Azure deployment guide, section Deploying Outbound and East-West Security. https://www.paloaltonetworks.com/resources/guides/azure-transit-vnet-deployment-guide What I don't understand why SNAT is not required for E/W traffic while it is required for inbound traffic. What makes LB use the same FW for return tr...

santonic by L6 Presenter
  • 2077 Views
  • 1 replies
  • 0 Likes

Resolved! AWS VM-Series Virtual Bundle1 Health Check issue with Gateway Load Balancer

I am following the video https://www.youtube.com/watch?v=c28ZwlhCIWE to implement a Centralized design using Bundle1. However, I am getting health check issue for the GWLB. I capture packets on the firewall and can see packet from the GWLB (10.100.0.94) to the FW (10.100.0.89). but no response. Target group always time out to get a response. I...

KimSiah_0-1685934698777.png
KimSiah_1-1685935127996.png
KimSiah by L1 Bithead
  • 4587 Views
  • 2 replies
  • 0 Likes

VM series Firewalls not removing license on autoscale

So we have had a series of autoscaling VM series in AWS for a while now. We've had a slew of problems with them but the current one I am fighting is that they don't remove the license during an event. This means that the new spun up firewall fails as there is no additional credits for it to consume. The way my cloud team is telling me it appea...

Verac22 by L2 Linker
  • 1111 Views
  • 0 replies
  • 0 Likes

SSL Forward Proxy - Exclude certain IPs from decryption

Hi there, I'm running PA-VM (VM-300) version 9.1.16-h3 in Azure. I have configured response pages which work as expected. However, I cannot seem to stop decryption of SSL traffic for specific source IPs Out of frustration I have configured an any/any do not decrypt run and I can still cleary see SSL traffic being decrypted rather than just the c...

j.rowe by L0 Member
  • 1562 Views
  • 3 replies
  • 0 Likes

PAN-OS Upgrade / Downgrade procedure

I need to rebuild an HA peer for an existing NGFW in our Azure Production environment with minimal downtime. The existing NGFW was deployed as BYOL (Azure Source image plan = byol). The rebuilt HA Peer has been deployed as PayGo (Azure Source image plan = bundle1). The mismatched PAN-OS version is blocking HA peering and config sync. I need to U...

CarlNeal by L0 Member
  • 868 Views
  • 0 replies
  • 0 Likes

Resolved! Commit issue

Hi Team, I am using the VM-series FWs in Azure cloud, while commit I am receiving the following error. I am trying to change the DNS servers for the VM-series FW, as its not resolving the "updates.paloaltonetworks.com" After changing the DNS server & commit error received, Error while on GUI "Commit job was not queued since auto-comm...

vm-series with AWS GWLB

We are to deploy vm-series in AWS with GWLB. The docs says " To ensure that the VM-Series firewall can inspect traffic that is routed between VPC attachments, you must enable appliance mode on the transit gateway VPC attachment for the security VPC containing the VM-Series firewall."In my understanding, appliance mode is used to ensure the stick...

gongya by L3 Networker
  • 1083 Views
  • 0 replies
  • 0 Likes

PAN-OS Downgrade Resulted in Maintenance Mode with No Error Reason

Hello All, A bit of a weird one here: downgrading PAN-OS on a VM series NGFW from 11.2.0 to 11.1.4-h7. The device continually enters maintenance mode after it reboots to finish the installation process to 11.1.4-h7. The curious part is the maintenance entry reason: "No error entry reason detected". Please see the attached photo for clarity. ...

nohash4u by L3 Networker
  • 2249 Views
  • 4 replies
  • 0 Likes

Palo Alto VM Series Routing Problem in AWS

I am working on a greenfield proof of concept and I am running into some challenges. I am trying to get VPC A in Account A to route internet traffic through VPC B in Account B using VPC peering. The Palo Alto VM Series resides in VPC B. Is this configuration possible, or am I forced to use a Transit Gateway or IPSEC VPN? Account A / VPC A CIDR 1...

Not able to set the PANG admin account password after enabling FIPS-CC mode

Hello, When I set up my AWS PANG to FIPS-CC mode I am not able to set the admin account password. I tested the paloaltonetworks.panos.panos_admpwd module before enabling FIPS-CC and it works utilizing the priv key (RSA 4096). I successfully set up one firewall on FIPS-CC and set up the admin account password. My VM Mode Amazon AWSPANG Software V...

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3529 Views
  • 0 replies
  • 0 Likes

DHCP client Interface on OCI PA VM

Hi wondering if come one can help me and I am new to PA I have deployed an OCI PA instance and configured all interfaces as Layer 3 > attached a V-Router and a Zone to interface and selected DHCP client. Still the Ethernet 1/1 is not showing an IP through PA-CLI. Same steps as below URL https://docs.paloaltonetworks.com/pan-os/10-2/pan-o...

  • 709 Posts
  • 107 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks