This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Start a conversation

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3501 Views
  • 0 replies
  • 0 Likes

Resolved! Troubleshooting classic ELB

I have a support call scheduled for tomorrow but if anyone has any ideas about this that would be greatly appreciated. I deployed the classic ELB template example successfully. My customer then took the firewall.template and integrated it into their stack making it a nested stack feeding it all the parameters required. The firewalls come up in a...

PerryK by L2 Linker
  • 6216 Views
  • 5 replies
  • 0 Likes

Resolved! vpc-classic-v1.2.1.template issues

So I deployed this template exactly as described on the site. I kept all the default pre-populated settings where possible and used my own S3 buckets. Tried it both with and without nat gateways. This is with 3 AZ in us-east-1. All the AWS artifacts get created, the nested stack gets created, but the firewalls do not! I checked the logs from the...

PerryK by L2 Linker
  • 3968 Views
  • 3 replies
  • 0 Likes

Can PA block IP address in X-Forwarded-For ?

Hello, I built the sandwich type with external ELB & internal ELB.As you know, external ELB shifts original client IP to X-Forwarded-For.I enabled 'Use X-Forwarded-For Header in User-ID and I looked XFF IP in user-id of URL Filtering logs.But PA has not shown XFF IP in traffic logs. I would like to block XFF IP using user-ID. If anyone knew ...

Resolved! Finding Serial # and CPU ID from AWS

So frustrating! I have been trying to register with Palo Alto so I can be authorized to use my VM I set up in AWS. No one I have asked seems to know where I can get the following information to use my VM and see the PA portal. If anyone can tell me exactly where I can find this information, please let me know. Thanks.

serial.png

Resolved! VM-Series in Azure Marketplace charges

Some basic cost based questions here from a newbie: After deploying Bundle-1 of the PAYG VM-300 series from the Azure Marketplace:- if I "stop" the instance, I won't get Azure compute charge BUT will Palo Alto continue to charge me for the license or other misc charges? [I understand storage charges will continue]- will stopping the instance m...

kjsteven by L0 Member
  • 6471 Views
  • 3 replies
  • 0 Likes

Site-to-Site VPN from a Palo Alto Firewall in the AWS.

Folks,We have provisioned a Palo Alto Firewall in one of the AWS VPC. This is essentially a single legged deployment and the function of this firewall will only be to act as a transit firewall. This firewall will have VPN connectivity to the corporate firewall and to some other remote VPC's. Traffic filtering will be done on this Palo Alto Firew...

nson2139 by L3 Networker
  • 18555 Views
  • 15 replies
  • 0 Likes

AWS securing outbound communication in private subnet

I've a private subnet in AWS that needs to be locked out from Internet access. But the instances in this private subnet need to access specific set of hosts (say update.java.com, update.ubuntu.com etc). Obviously the IP address associated with these hosts are dynamic. Does Palo Alto Networks Firewall (or any other solution) solve this scenario? ...

foobar7 by L1 Bithead
  • 6198 Views
  • 5 replies
  • 1 Likes

Looking for a recommendation for Azure "internal Load balancer" when using PA redundant Firewalls

Hi, I have deployed redundant PA Firewalls with the internal Azure load balancer to provide resiliance - thos is working however the "internal load balancer has significant limitations. I am looking to see if anyone has any recommendations for 3rd party load balancer (taking into account cost and operation in this environment) The limitations o...

alosty by L0 Member
  • 13216 Views
  • 10 replies
  • 0 Likes

IPSec VPN from EC2 server to remote Palo Alto possible?

Folks. I have a requirement for setting up an EC2 Windows server in a remote Amazon region for receiving files. On this server, I need some custom API stuff (easy) to allow file transfer from the Internet - but I also need a secure VPN to my normal site elsewhere to I can connect to several databases and other services which are *not* available ...

darren_g by L4 Transporter
  • 3041 Views
  • 1 replies
  • 0 Likes

AWS / Multiple subnets across multiple AZs - Multiple NICS?

Very new to VM-300 and PA, deploying it in AWS with 2 availability zones. We'd like to have 3 private subnets in each AZ - DMZ, application, and data, as well as a public subnet for the EIP interface. Ideally all traffic between subnets would flow through the VM-300, but this doesn't seem possible to us without multiple NICs, one per subnet. I...

spetty01 by L0 Member
  • 4382 Views
  • 3 replies
  • 0 Likes

AWS Auto Scaling Template version 2.0

I am trying to go through the Auto-Scaling Template for VM on AWS 2.0. I have a few question around the template. Is there a reason that we are using a NAT gateway? Are we going to support a EIP on the Management interface so that we don't need to deploy a bastion host (jump box). Are we going to support multiple more than two AZ's in future r...

svacca by L1 Bithead
  • 3205 Views
  • 1 replies
  • 0 Likes

Palo Alto VM 300 behind AWS ELB with public HTTPS traffic forwarded to it

Hi,my existing environment have a nearly 20 AWS load balancers which are public facing, now I want to implement Palo Alto VM 300 behind this ELBs, and monitor and trasalate the traffic to the backend instances. I've tested this requirement with one load balacners, however when I'm adding my second load balancer, the port trasalation is not work...

NithinN by L0 Member
  • 4626 Views
  • 2 replies
  • 0 Likes

SMB Slowness via PA firewall in Azure Cloud

Hi team,We have deployed PA VM300 series firewall in Azure US West and Azure US East. When a server from US West tries to copy data of 500 Mb to US East server the maximum transfer rate is between 200 - 500 Kbps. When the same file is copied bypassing the firewall, the file transfer rate is 50~60 Mbps.Tried configuring MSS settings to the interf...

OMS Dashabord

Has anyone tried to connect multiple Palo Alto devices to Azure OMS for the purpose of using Log Analytics? We currently have a server configured to forward Palo Alto syslog files to OMS, but from what I can see there doesn't appear to be any OMS solutions that deal with the kind of data that is coming from the Palo Alto devices. What we are loo...

  • 704 Posts
  • 107 Subscriptions
Latest Comments
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks