This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Start a conversation

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3502 Views
  • 0 replies
  • 0 Likes

i can´t chance the de group access password

Hello everyone, i hope you can help me, as the last time, now i have the problem with one of the configured groups.i need to change the group password to acces by a native VPN from a iphone, so i change the password from a 8 characters password to a 12 characters password, i do it, but, when i enter again to the configuration the password again ...

96415 issue re-occurred in 7.1.6

96415 issue is recorded as fixed in 9.1.4, however I am still seeing it in 7.1.6.Please advise what version of firmware is this error fixed?? Is this fixed in 8.0.0+? Thank you. 96415Fixed an issue where the firewall failed to pass traffic in strongSwan and Azure IPSec tunnels while using IKEv2 because it did not send a Delete payload during a ...

Resolved! Site to Site VPN IPSec issue between PA and Azure

Hello, I have some problem to configure a VPN between my Palo Alto and Azure.I follow this tutorial : https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-VPN-Tunnel-Between-a-Palo-Alto-Networks/ta-p/59065 So I have this configuration:Tunnel Interface: It’s an IP in /32 include in the subnet of the Azure gateway (in /29) ...

Interface Tunnel.PNG
IKE Gateway General.PNG
IKE Gateway Advanced Options.PNG
IKE Crypto Profile.PNG

Transit VPC with P.A.

Does anyone have experience with a services/transit VPC at AWS? Wondering specifically about experience with thoughput with the palo alto managing the transit traffic between the corporate office and multiple VPC's.

Slow GP throughput in AWS

Doing a PoC of a Palo Alto Bundle 2 to see if we can send internet traffic through it from our main sites to replace our existing Web Proxy. While it appears that the design is working, the Agent is very slow. I have a Squid proxy setup in the same VPC and if I point my browser to it, I can get up to 600 Mbps download speeds, but using the agen...

Confirm Xpath for rule build (not sure if github code is right for new rule add

Can someone cofirm if belwow github syntax is correct? When I try it weird is that I see rule hit palo alto in the logs but rule never actual builds and when I try syntax via web it showns :<![CDATA[ clyde -> source has unexpected text. ]]> but command i show spt on mathch when comparing my script to xpath on git hub parameters = {'xpat...

Azure Nat Configuration

With the NAT VM no longer being required and you can assign a public address to NIC1 I have a question on the NAT process concerning only connectivity from resources to the interent. Do you need to configure a source nat policy or do you just forward traffic to 0.0.0.0/0 via a static route to the .1 address of the subnet on NIC1 and the Azure e...

r24481 by L1 Bithead
  • 6459 Views
  • 2 replies
  • 0 Likes

Site to Site VPN IPsec b/w Palo Alto and Cisco with only public IP as Mgmt interface on Azure

Hi Experts, Trying to setup Palo Alto VM series in Microsoft Azure ( 3 interface Mgmt ,Trust and Untrust) and only public ip is assigned to Management interface . In order to create the Site to Site VPN ipsec b/w Cisco ASAv and Pao Alto Fw the only interface available is Mgmt which has public ip but the Palo Alto Gui is not allowing me to u...

Resolved! v7.1 in Azure

Now that 8.0 is out, is it not possible to deploy a 7.1 VM in Azure? I see no options to choose and it deploys a 8.0 VM when you do it. I tried downgrading to 7.1 and get "New format of serial assigned for VM. This VM cannot be downgraded." So it appears I'm forced to deploy 8.0? I don't know about you guys, but I hate going to a new major r...

Resolved! VPN with Azure falling down

Hi at all!I have a problem with a VPN with Azure, after 50 minutes circa the VPN stops working and doesn't restart.I checked the configuration and everything is right.This message appears in logs: "IKEv2 child SA negotiation is failed message lacks KE payload". Can you help me to resolve this issue? Regards,Daniele

DKanta by L2 Linker
  • 12487 Views
  • 2 replies
  • 0 Likes

Azure VM Series and mgmt-interface-swap

Is there a native capability with the VM Series CLI to execute the mgmt-interface-swap command? I would like to attach an Azure Load Balancer to the UNTRUST interface on eth0 so that I can force all internet facing application traffic through the VM Series firewall in my Azure vNET.

gduncan by L1 Bithead
  • 5673 Views
  • 4 replies
  • 0 Likes
  • 704 Posts
  • 107 Subscriptions
Latest Comments
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks