PA-VM in Azure - multiple Zones? (e.g. DMZ,Trust,Unstrust,etc)

In the deployment guides and conversations I've had it seems that the PA-VM firewall in Azure is typically designed around only four interfaces: trust, untrust, mgmt, HA. Two zones only: Trust/Untrust.  Subnets used to isolate traffic.

In my on-pre

Same subnet VM not able to communicate to internet whereas other is working fine

I have PA-VA in Azure cloud, there is strange behavior for newly build VM 10.1.134.7 where logs are showing allow but machine not able to communicate to internet whereas existing VM 10.1.134.4 working fine.

I just added new VM 10.1.134.7 in the same

No inbound traffic to external firewall interfaces in Azure and change to default NSG behaviour

Just wanted to share my experience with recent project and make you aware of the change in Azure default behaviour, which can save you some troubleshooting.

As you may now, earlier this year Azure introduced Standard SKU for Load Balancers and Public

Risks of the AWS PA-VM license deactivation and reactivation

Can we get anyone explained the potential issues or risks when deactivating the PA-VM in AWS and reactivating them with different auth code?

Here is the use case:

We had a few PA-VM firewalls deployed in the different segments of our AWS environmen

License Fetch failing

I've installed a pair of VM in AWS in HA. 

Currently the license page is blank in the GUI and the licenses seem unable to be installed on the device. I would appreciate ideas and help on how to address this.

This is the result of the configd.log af

Basic rule creation in VM-300 in GCP

Hi All,

We are starting our journey with Palo Alto in GCP. We have FW up and running with 3 interfaces (MGMT-NIC0, Untrusted-NIC1, Trusted-NIC2). 

We struggle to create a basic rule which allows i.e. PING from the host located in Untrusted zone to

Multiple Static Route(s) for PA-VM in Azure

Hello all!

I have successfully deployed a PA VM-300 in our Azure environment and I am a bit confused when it comes to setting up the virtual router for the networks. I've seen a few YouTube videos where people configure one VR with two or more static

Azure Panorama traffic log custom filtering not working

New Panorama build in Azure.

I can get traffic logs from firewall into Panorama

However if I do a filter based on zone or application rule

I get zero results

Filtering only works based on IPs it seems.

Open case with support but I'm wondering anyon

 Integration of PA-1410 with Azure AD for Single Sign On

how to integrate pa 1410 with azure ad for single sign on

2) Customer has Azure AD environment which is multitenant, we need to check if multiple API integration is possible or not

3) BYOD authentication.

To check if SMS gateway integration is po

Azure PAN-OS Software update no showing latest information

Hi all, may i have some idea how is the device -> software screen working logic? is it the firewall will use the management interface ( as per configure at the service route "use management interface for all" ), to contact updates.paloaltonetworks.c

How to restore our Azure firewall setup if upgrade activity fails

Hello,

Would like to know steps one needs to follow in case our devices hosted in the Azure Public cloud fails/goes dead during firmware upgrade activity. We have VM-series firewalls and Panorama on Azure. 

Our firewall pair in HA is implemented us

How to add a Firewall for ALB which is connected to Global accelerator in AWS

I have implemented a security service VPC using VM series and Gateway Load balancer. in the case where traffic is coming thru the IGW, I am able to route incoming traffic from IGW to security VPC for inspection and then back the application ALB. 

H

Panorama and multi cloud orchestration

Hi,

I'm looking into an auto-scaling deployment of PA's in Azure and AWS. Both will be managed by Panorama. What I'm not sure about is if both deployments can be managed by a single instance of Panorama located in Azure or AWS?

Can anyone confirm

S2S VPN with Active/Active FW Behind LB

Hey all,

we have 2 active palos in azure that are behind a public load balancer.

have to create a S2S VPN between our tenancy and another orgs tenancy.

has anyone done this before?

not sure how can get this to work as traffic going through the load b