VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3543 Views
  • 0 replies
  • 0 Likes

Resolved! AWS IPSec Tunnel success?

Hello folks, I am so close to a successful AWS IPSec tunnel to my on premise (test) PA200 7.1.15. I've downloaded the configuration file and am using it as a guide, IPs, etc. But I've been using this article to configure. Main difference is I created a specific AWS zone like I do for all my IPSec Tunnels. http://www.richardyau.com/?p=240 I am able...

OMatlock by L4 Transporter
  • 14139 Views
  • 9 replies
  • 1 Likes

Getting AWS Transit VPC to learn routes from Palo Virtual Editions

I'm in the process of implementing a Transit VPC setup on AWS. However, before I automate it, I want to understand it, so I'm opting to do a manual build initially. I've been successful with getting the tunnels stood up between my Transit VPC Palos and the subscriber VPCs, as well as getting either side to learn routes from the other. However, ...

dmcneill by L0 Member
  • 10327 Views
  • 5 replies
  • 0 Likes

Resolved! PANOS is not able to see the public IP of a client in the Traffic Logs if using an AWS Public ALB

Hello, I've been trying to get past what seems to be a shortfall of the AWS ALB and PANOS alike. Please let me build you my current issue. I am trying to set up a "loadbalance sandwich" such that a public AWS ALB will be load balancing between two PANW firewalls (different AZs), and then the firewall will pass traffic to an internal AWS ALB. The...

JD-SECD by L1 Bithead
  • 8278 Views
  • 1 replies
  • 0 Likes

Azure AppGateway thinks VM Series firewall is unhealthy

I am implementing this scenario https://github.com/PaloAltoNetworks/azure-applicationgateway Here is the flow of traffic internet->App Gateway(public ip)->VM Series-> ILB->Web Servers(4) I only have 1 firewall appliance for now. Azure application gateway connects with Palo Alto VM Series over port 80. Application gateway keeps on think...

Confirm if Azure App Gateway documentation is correct

https://www.paloaltonetworks.com/documentation/80/virtualization/virtualization/set-up-the-vm-series-firewall-on-azure/deploy-the-vm-series-and-azure-application-gateway-template/start-using-the-vm-series--azure-application-gateway-template/sample-configuration-file Address objects—Two address objects, firewall-untrust-IP and internal-load-balan...

Knowledge Base article Limiting access to AWS S3 buckets - Solution is misleading

Dear Knowledge Base Team, The article https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClDICA0 discussing Limiting access to AWS S3 buckets contains wrong instruction. The author did not understand what was the difference between AWS S3 service and S3 bucket. It is impossible to deny access to an S3 bucket using AWS IP a...

JamesRen by L1 Bithead
  • 3793 Views
  • 0 replies
  • 2 Likes

Resolved! Quick Question about Azure AppGateway VM Series Deployment

We have an existing environment where Palo Alto VM Series was deployed by somebody who is no longer at the company. I was told that it has never worked. Primary purpose of the firewall is to secure inbound web traffic. Current configuration is: AppGateway->LB->2 VM Series->ILB->Web Servers VM Series VM's had 3 Network interfaces. I can ...

Palo VM300 Azure routing issues?

Working with a Palo VM300 series in Azure and have some issues that I just can't figure out... We have the VM inside of a 10.x.x.x/16 subnet. 1 subnet (10.x.x.x/24) carved for each of the interfaces (trusted, un, mngmt) and 4 more subnets for various other VMs and such. We have UDRs setup for all 3 interfaces as well as a UDR setup for the othe...

PA VM 300 behind AWS ALB

Hi All, Recently we have deployed PA VM 300 along with CSR in Transit VPC. Have implemented AWS ALB in front of palo for connecting to one of the web server behind the palo. Now, I want to connect to another webserver which is hosting a different application. I am confused how do we achieve this. abc.com ---> ALB(80)-->untrust(Nat to webse...

Seema by L0 Member
  • 2995 Views
  • 1 replies
  • 0 Likes

Resolved! HA configuration in the AWS

Folks, somewhat confused on how to start with this. I went through all the documentation which talks about an IAM policy and defining roles but am not able to get where to configure this. My requirement is to have a firewall with an untrust/trust interface and a management interface. I believe I will need an additional HA interfaces as well. ...

nson2139 by L3 Networker
  • 3941 Views
  • 1 replies
  • 0 Likes

Azure - Access to External Azure resources

We have servers running in Azure with a B2B. Recently they started using BLOB storage and to load the data into the blob it goes to a public IP outside of our B2B. We like to control where our Servers go out to the internet but the problem is that there are 100's of addresses (maybe a 1000) that are used by AZURE in North America. Does anyone ha...

PaloAlto Redundant VPN tunnel with NAT-T between datacenter and AWS environment

Dear All, Can you share your views/suggestions for below questions. Thank you. 1. What is the standard best practice for setting up redundant VPN tunnel with NAT-T with PaloAlto between datacenter and AWS customer environment 2. Can we have two PaloAlto FW in two different vlans as Active-Active configuration without any sort of sync between them b...

2x Transit VPCs in the same account?

I have built a Lab Transit VPC + Sub config and am planning to add Non-Lab Transit VPC + Subs config. I'd like to use the same account for both Transit VPCs. Has anyone tried this? I would prefer not to break the existing Transit-Lab by standing up another, hoping that someone has tried this before. Cross posted on Git.

jschamp by L0 Member
  • 3512 Views
  • 3 replies
  • 0 Likes
  • 709 Posts
  • 107 Subscriptions