VM-Series in the Public Cloud
Showing results for 
Search instead for 
Did you mean: 
VM-Series in the Public Cloud
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.


FIPS mode in Azure Government

Has anyone been successful in converting their VM-series appliances running in Azure Government to FIPS-CC mode? The SSH keys I created and allowed for FW management prior to the conversion were wiped out and resetting the keys via the Azure portal d


cl625410 by L0 Member
  • 1 replies

Resolved! NGFW HA on AWS with different AZ

Hi All,


I want to configure Active/Passive HA on AWS, but both the PA-Instance should be in different AZ. How can we achieve this?

I have referred below article: https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series


Azure Network Watcher



i want to do a packet capture on a VM interface using Network Watcher for some traffic on our VM-300 series NGFW but our CSP advises this is not possible.  The extensions section in Azure seems to confirm this.



can anyone advise if this featu



Public IPs with NAT in IPSEC

I've got a rather bizarre setup that I'm trying to integrate with a new customer using a vm-series 300 in AWS. I have setup and established an IPSEC tunnel  (that even comes up when we attempt to send traffic over the tunnel). Where it gets complicat


NAT plan - Copy of Page 1.png

Azure LB Static Route and IPSEC failover


I am having the attached topology. I have two ipsec tunnel from two vm series paloalto to same peer ip which is in prisma cloud. 

on trust side I have an Azure load balancer which would send traffic to 2 firewalls and having a health probe as ssh to



VM firewall HA on AWS


We need to deploy two VM series firewalls on AWS cloud in HA. Both firewalls will be in different AZ. I have below questions-

1. Is it possible to do such configuration?

2. If yes, please share any reference guide?


Thank you in advance

BK0007 by L2 Linker
  • 1 replies

Azure Network Watcher VM extension?

Hello... is it possible to install that Azure Network Watcher VM extension to enable traces and packet captures from the PA VM to the Azure gateway?  It would be handy to help troubleshoot connectivity issues between the PA and the GW.  Thank you.

eosminer by L1 Bithead
  • 4 replies
Top Solution Authors
Top Liked Authors