This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Start a conversation

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3500 Views
  • 0 replies
  • 0 Likes

AWS changing aes for ike and ipsec doesnt allow traffic to pass

Hello,We have a successful tunnels to our VPC and traffic is passing. We used the AWS downloaded cofing to guide us on the PAN side. Now when I change the ike and ipsec settings to different ciphers, say from aes128 to aes256 the tunnel stays up and is extablished but we cannot pass traffic. Anyone else run into this? Thanks in advance!

Resolved! Azure vm-monitoring script for many subscriptions

Has someone used azure-vm-monitoring script to query VM-information from more than one subscription?The case is that we have many subscriptions and willing state is to use single instance of vm-monitoring script to query all the VM's from the all subscriptions and push that info to firewalls. What are the options?

ilkleh by L0 Member
  • 4749 Views
  • 3 replies
  • 0 Likes

Resolved! AWS ALB/NLB Sandwich - Cloud formation deployment failure.

Afternoon, I'm just curious if anyone has run into this before. I've tried 3-4 times today to deploy the ALB/NLB Load Balancer sandwich to no avail. The deployment guide seems pretty straight forward but still not having much luck. It seems to get to this spot, then fails back. Cloud Formation - Status: ROLLBACK_COMPLETE. I've tried in the Eas...

screenshot.jpg

PAN-VM Admin password problem on CLI and Web after PANOS upgrade

I did deploy pan-vm-300, with an ARM template, on the template I defined admin account and password. I got access and everything was operationalI upgraded it from 8.1.0 to 8.1.3. after that I am not able to log back in with the original credentials used on my ARM template.do anyone have an idea what is happening? Thanks in advance.

Kaliman by L2 Linker
  • 3302 Views
  • 1 replies
  • 0 Likes

Using the ELB Scaling v2.0 cfn templates

Hi, I am trying to use https://github.com/PaloAltoNetworks/aws-elb-autoscaling/tree/master/Version-2.0 for setting up a PoC. I went through the docs and was able to get a pair of PANFW running with some changes to the IAM roles required as per the cloud formation templates. The ALB (ELBv2) is exposed on port 80 on the frontend. But ALB seems to ...

jerrygb by L0 Member
  • 2317 Views
  • 0 replies
  • 0 Likes

AWS Multi-AZ HA Palo deployment with three zones

Hello, I'm looking for any walkthroughs using lambda functions to move the EIP between Palo's in two Availability Zones. My assumption would be EIPs in two subnets for each of the three zones. How to accomplish access to Prod and DMZ:S2S VPN connections to the Palos to prod and DMZ. ELB endpoints to Prod and DMZ. For public IP address, I assume ...

Palo Alto HA in AWS.JPG
Coveny by L0 Member
  • 2870 Views
  • 0 replies
  • 0 Likes

Resolved! AWS IPSEC VPN ISSUES with redundant tunnels

Hi We have around 6 different IPSEC tunnels configured on the PAN with AWS. However we are trying to troubleshoot an issue, which we think could be related to as asymmetric routing. For e.g if traffic is send from one tunnel, and AWS sends it via the 2nd tunnel, the PAN will be dropping these. So we have temporary disabled one of the active tunn...

Resolved! AWS IPSec Tunnel success?

Hello folks, I am so close to a successful AWS IPSec tunnel to my on premise (test) PA200 7.1.15. I've downloaded the configuration file and using it as a guide, IPs, etc.But I've been using this article to configure. Main difference is I created a specific AWS zone like I do for all my IPSec Tunnels. http://www.richardyau.com/?p=240 I am able...

paaws1.jpg
paaws2.jpg
paaws3.jpg
awscorrection1.jpg
OMatlock by L4 Transporter
  • 13848 Views
  • 9 replies
  • 1 Likes

Getting AWS Transit VPC to learn routes from Palo Virtual Editions

I'm in the process of implementing a Transit VPC setup on AWS. However, before I automate it, I want to understand it, so I'm opting to do a manual build initially. I've been successful with getting the tunnels stood up between my Transit VPC Palos and the subscriber VPCs, as well as getting either side to learn routes from the other. However, ...

dmcneill by L0 Member
  • 10107 Views
  • 5 replies
  • 0 Likes

Resolved! PANOS is not able to see the public IP of a client in the Traffic Logs if using an AWS Public ALB

Hello, I've been trying to get past what seems to be a shortfall of the AWS ALB and PANOS alike. Please let me build you my current issue. I am trying to set up a "loadbalance sandwich" such that a public AWS ALB will be load balancing between two PANW firewalls (different AZs), and then the firewall will pass traffic to an internal AWS ALB. The...

JD-SECD by L1 Bithead
  • 8161 Views
  • 1 replies
  • 0 Likes

Azure AppGateway thinks VM Series firewall is unhealthy

I am implementing this scenrio https://github.com/PaloAltoNetworks/azure-applicationgateway Here is the flow of traffic internet->App Gateway(public ip)->VM Series-> ILB->Web Servers(4) I only have 1 firewall appliance for now. Azure application gateway connects with Palo Alto VM Series over port 80.Application gateway keeps on think...

  • 704 Posts
  • 107 Subscriptions
Latest Comments
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks