This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Start a conversation

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3522 Views
  • 0 replies
  • 0 Likes

AWS Privatelink for Hub and Spoke Topology

HI all, Need some assistance with someone who has familiarity with deploying VM-Series FW in AWS w/ AWS Privatelink....our organization currently has an existing environment that we are currently leveraging TGW's for Interconnectivity between Accounts w/ a side of VPC Peering, tends to be a bit of a rodeo. This overall seems costly compared to...

Murph by L1 Bithead
  • 1342 Views
  • 0 replies
  • 0 Likes

Palo Alto Firewall in Azure backup

Got some PA-VM-FLEX in GCP and Azure. I could create a backup routine for the GCP ones, but, I can't complete a backup for the Azure one. Found some old topics saying it is not possible to backup VM PA in Azure with Azure backup. Is that true? So, if Azure Backup routine doesn't work, what's the way to backup the VM to restore in case needed?

isobrado by L0 Member
  • 4435 Views
  • 2 replies
  • 0 Likes

install PA into VMC

Hi, we have Vmware VMC (managed vmware env, with nsx) and would like to install PA into to create a separate DMZ. We have found multiple articles about doing this in AVS (azure's version of managed vmware) but not VMC. Can this be done? Posting an video on how to in AVS, but since we cannot modify the segment gateways in VMC not sure how to prop...

gjbrown by L0 Member
  • 547 Views
  • 0 replies
  • 0 Likes

Can VM-FW in Azure provide IPv6?

Hello, I would like use VM-FW on Azure for IPv6?I looked at the following document. https://docs.paloaltonetworks.com/vm-series/11-1/vm-series-deployment/about-the-vm-series-firewall/ipv6-support-on-public-cloud It seems to provide IPv6 only on AWS. Is it right?

Cloud PKI and Global Protect user authentication

Hi, We are trying to deploy the user authentication for Global Protect using Cloud pki Azure certificate. Anyone has deployed this successfully. A certificate has been generated in Cloud pki and imported to Palo alto VM-100. Also we have pushed the certificate via intune to client devices for testing. it didnt worked. any idea?

VM-series Failover issue

We have deployed Palo Alto VM-Series firewalls in Azure in Active/Passive mode. When the active firewall fails, the passive firewall successfully becomes the active one. This behavior is reflected correctly in both the firewall interface and the floating IPs within the Azure portal, and the traffic flow is unaffected during this transition. Ho...

Resolved! VM Series in Azure - Active/Passive or Active/Active

Hello I have currently 1 firewall VM-Series deployed on Azure. We plan to deploy a second for HA. My question is : is-it recommanded to configure the cluster in Active/Passive mode ? Or to configure the 2 VM-Series as active FW with Azure Load Balancer (what is the risk to have assymetric trafic) ? Regards Jerome

AWS VM Series GWLB with Overlay routing - outbound and inbound

Hi, I’m using 2 active VM series firewalls for outbound sessions with overlay routing, with GWLB and Transit Gateway (TGW) between the Application VPC and the Security (firewall) VPC. This is working as expected. Inbound connections fail to establish. The need for overlay routing is for managing NAT and VPNs on the firewall. An external (3rd pa...

patoil by L2 Linker
  • 17338 Views
  • 21 replies
  • 1 Likes

PA-VM in AWS with Decryption Rule - server side connection kept open

Hello, running 11.1.2-h3 on AWS with decryption rule. The setup is: Windows Client --> FW --> Web-Proxy --> Internet Firewall decrypts the traffic (so firewall itself acts like proxy). After the client side connection is closed with TCP-FIN, the firewall keeps server side connection to Web-Proxy and both firewall and Web-Proxy exchanges...

Ingest Palo Alto logs to SIEM tool (Splunk) using Eventhub

Hi All, We're looking into some sort of cloud-based solution to route our Palo Alto firewall logs to across our customer base. I was intrigued by the Event Hubs (https://azure.microsoft.com/en-us/products/event-hubs/) solution as a way to push logs to it and then ingest them from there into our SIEM (Splunk). Is there a way, we can directly pu...

Palo Alto VM series deployment in Azure Cloud

Hello Everyone, We are planning to deploy two VM series firewalls in our Azure landing zone. In our case, Palo Alto firewall is like a data center firewall and we have a Fortigate in the perimeter. All outbound traffic from cloud servers will hit the Palo Alto first and then move to the Fortigate and then to the internet. All inbound traff...

PaloAlto integration with Azure GWLB

Hello!i'm trying to integrate 2 PaloAlto VMs with Azure GWLB. i found out this guide from PaloAlto: https://docs.paloaltonetworks.com/vm-series/11-0/vm-series-deployment/set-up-the-vm-series-firewall-on-azure/deploy-the-vm-series-firewall-with-the-azure-gwlb i didn't use the ARM template, so i'm trying to configure manually the gwlb parameters i...

  • 709 Posts
  • 107 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks