VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3526 Views
  • 0 replies
  • 0 Likes

Static NAT in Microsoft Azure

Need to map internal server with Public IP (Static NAT) with specific ports exposed to the internet. I believe the public IP needs to be associated with Azure load balancer. Request someone to share the config of Azure as well the Palo Alto config.

Amaresh by L1 Bithead
  • 13523 Views
  • 5 replies
  • 0 Likes

ARM template Azure

We want to create a firewall with four or more interfaces (instead of the default 3) in Azure. We understand that for this to work, we will need to use ARM templates. I have downloaded the ARM-template from here and edited it to contain four interfaces: https://github.com/PaloAltoNetworks/azure/tree/master/vmseries-avset I have deployed my edite...

mathiasj by L1 Bithead
  • 6280 Views
  • 4 replies
  • 1 Likes

Building/Updating IPsec Tunnels Dynamically

Hi, We have roughly 30-40 VPN tunnels built to AWS from on-prem, each being used by a different business unit for development. What happens though, is during their process they are forced to blow away their EC2 instance and create a new one. AWS then assigns new public IPs to them. Is there any way for us to pull that information in and have our...

nicford by L2 Linker
  • 3042 Views
  • 1 replies
  • 0 Likes

Resolved! Cannot ping FW from CentOS connected VM

Dear experts; I have the following setup in Azure: CentOS-1 --------(fwVNET/Trust)-----FW----------(fwVNET/Untrust)-----CentOS-Untrust But I cannot ping FW interface even with all Mgmt profiles and addresses configured (which are in same subnet obviously). All NSGs in Azure allow ICMP, and even SSH is not allowed. Can anyone help?

Resolved! Azure deploy avset github ARM template with managed disks

Hello, We are going to deploy a couple of PA firewalls with this template https://github.com/PaloAltoNetworks/azure/tree/master/vmseries-avset It's a nice start, but we want some changes to be made. And I was hoping someone could help out with the following additions/changes. - Just one choice as vm size : DS4_v2 - No storage account, but instead...

I can't change the group access password

Hello everyone, I hope you can help me, as the last time. Now I have the problem with one of the configured groups. I need to change the group password to access by a native VPN from an iPhone, so I change the password from an 8-character password to a 12-character password, I do it, but, when I enter again to the configuration the password again ...

96415 issue re-occurred in 7.1.6

96415 issue is recorded as fixed in 9.1.4, however I am still seeing it in 7.1.6. Please advise what version of firmware is this error fixed?? Is this fixed in 8.0.0+? Thank you. 96415 Fixed an issue where the firewall failed to pass traffic in strongSwan and Azure IPSec tunnels while using IKEv2 because it did not send a Delete payload during a ...

Resolved! Site to Site VPN IPSec issue between PA and Azure

Hello, I have some problem to configure a VPN between my Palo Alto and Azure. I follow this tutorial : https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-VPN-Tunnel-Between-a-Palo-Alto-Networks/ta-p/59065 So I have this configuration: Tunnel Interface: It’s an IP in /32 include in the subnet of the Azure gateway (in /29) ...

Transit VPC with P.A.

Does anyone have experience with a services/transit VPC at AWS? Wondering specifically about experience with throughput with the Palo Alto managing the transit traffic between the corporate office and multiple VPCs.

Slow GP throughput in AWS

Doing a PoC of a Palo Alto Bundle 2 to see if we can send internet traffic through it from our main sites to replace our existing Web Proxy. While it appears that the design is working, the Agent is very slow. I have a Squid proxy setup in the same VPC and if I point my browser to it, I can get up to 600 Mbps download speeds, but using the agen...

Confirm Xpath for rule build (not sure if github code is right for new rule add)

Can someone confirm if below github syntax is correct? When I try it, weird is that I see rule hit Palo Alto in the logs but rule never actually builds and when I try syntax via web it shows :<![CDATA[ clyde -> source has unexpected text. ]]> but command I show spot on match when comparing my script to xpath on github parameters = {'xpat...

Azure Nat Configuration

With the NAT VM no longer being required and you can assign a public address to NIC1 I have a question on the NAT process concerning only connectivity from resources to the internet. Do you need to configure a source NAT policy or do you just forward traffic to 0.0.0.0/0 via a static route to the .1 address of the subnet on NIC1 and the Azure e...

r24481 by L1 Bithead
  • 6590 Views
  • 2 replies
  • 0 Likes

Site to Site VPN IPsec b/w Palo Alto and Cisco with only public IP as Mgmt interface on Azure

Hi Experts, Trying to set up Palo Alto VM-Series in Microsoft Azure (3 interfaces: Mgmt, Trust and Untrust) and only public IP is assigned to Management interface. In order to create the Site to Site VPN IPsec b/w Cisco ASAv and Palo Alto FW the only interface available is Mgmt which has public IP but the Palo Alto GUI is not allowing me to u...

Resolved! v7.1 in Azure

Now that 8.0 is out, is it not possible to deploy a 7.1 VM in Azure? I see no options to choose and it deploys a 8.0 VM when you do it. I tried downgrading to 7.1 and get "New format of serial assigned for VM. This VM cannot be downgraded." So it appears I'm forced to deploy 8.0? I don't know about you guys, but I hate going to a new major r...
