VM-Series in the Public Cloud
The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.
About VM-Series in the Public Cloud

Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the VM-Series in the Public Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3504 Views
  • 0 replies
  • 0 Likes

AWS Reference Architecture, Subnet Sizes and Automation

1. The AWS Reference Architectures (AWS - Palo Alto Networks) and associated automation libraries all use a /16 CIDR for the Security VPC and a /24 for each subnet - including those for the TGW attachments and GWLB endpoints. AWS recommend deploying these resources in the smallest subnet available, a /28 - as they use a single IP and should not ...

mb_equate by L3 Networker
  • 3358 Views
  • 1 replies
  • 0 Likes

Palo Alto GWLB cluster IPsec tunnels with on-prem

Dear Team, I want to deploy 2 Palo Alto VM-300s with integration of GWLB on AWS. Both will be active and passing the traffic. However, I have referred to the Palo Alto documents with two-arm mode and one-arm mode. I will be having IPsec connectivity with the on-prem DC. In this case, how will this work? on prem user >>> IPsec >>...

Unable to access the web end point when the VM series is deployed in Azure availability zones

Hi Team, I initially deployed the firewall VM series in no zones. Created each VM with the 3 interfaces (Management with public IP address). When it is deployed in no zones, I am able to access the web endpoint using the public IP of the mgmt public IP. However, I am not able to access the web interface of the firewall when I deploy VMs series in av...


Session synchronization for Azure VM series bundle2 with Application gateway

Hi Team. Public cloud: Azure. Plan: Bundle2. We are planning to set up the Azure VM series Palo Alto on Azure cloud for one of the clients and use the Application gateway as the load balancing solution. As per the documentation (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kHgC), realized when an Application gateway solu...

AWS: GWLB endpoint mapping in Central Design Model

I'm trying to understand the use of GWLB endpoint mapping in an AWS Central Design Model deployment, other than separating VPC traffic flows from that of the GWLB itself - or separating outbound from east-west. In this model, the source zone on the firewall is determined by the destination address in the encapsulated packet, via the route tabl...

mb_equate by L3 Networker
  • 2398 Views
  • 0 replies
  • 0 Likes

Resolved! Sub Interfaces or VLAN interfaces supported on VM-300 in AWS?

Hi, We were wondering if sub-interfaces or VLAN interfaces are supported on the VM series in AWS. We would like to separate customer traffic using these VLANs/sub-interfaces as we do in our own DC, but it doesn't seem possible in AWS on the VM-300 as there are no options when I highlight the individual interface. If sub-interfaces and VLANs a...

pmchenry by L0 Member
  • 9656 Views
  • 6 replies
  • 0 Likes

Configuration demonstration of this procedure

Hello; I'm trying to deploy the next configuration https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClDBCA0#:~:text=As%20a%20reminder%2C%20multiple%20public,Multiple%20public%20IP%20support%20here. in Azure, but I'm having issues. I attach a public IP to the firewall NIC, do static NAT (with the private IP address associ...

ajarem by L0 Member
  • 724 Views
  • 0 replies
  • 0 Likes

How Do I create Multiple IPSec Tunnels in VM-Series on AWS from One VM to another VM In Azure?

Hi, I am interested in knowing if we can create multiple IPSec Tunnels from a Palo Alto VM FW in one cloud to a Palo Alto VM FW in another cloud and bundle them together to get higher throughput to interconnect Public Clouds like AWS, Azure, OCI and Google. If someone can point me to the right document, I would appreciate that very much. Thanks ...


Amazon EC2 Maintenance: Instance scheduled for reboot "VM Series"

We recently got the following message from AWS regarding one of our VM Series firewalls: "One or more of your Amazon EC2 instances are scheduled for maintenance. These instances are listed in the Affected Resources Tab. During this time, the instances in the XYZ region will be unavailable and rebooted. At any time before 2024-01-26 06:00:00 UTC...

HA gateway pair in Azure?

In 2020, I worked on implementing an HA pair of VM300 gateways in Azure. At that time, use of API calls for node failover was problematic (several minutes for failover to complete), so the "load balancer sandwich" approach was taken. Now, in 2024, has progress been made? Is there a cleaner way of implementing HA?

GCP VPC Peering

Hi, We are deploying PA VM in GCP (Common Firewall Deployment Architecture). Deployment Architecture is attached. In Trust VPC we have configured Internal Load Balancer (TCP), created VPC Peering between Trust VPC & Web VPC. From Trust VPC Instance (VM) we are able to ping Web VPC Instance (VM) & vice versa. Web VPC Default route is...

Resolved! IKEv2 IKE SA negotiation is failed as responder, non-rekey. Failed SA

I am not sure why I am getting this IKEv2 IKE SA negotiation is failed as responder, non-rekey. Failed SA error when my customer is trying to send traffic to my VM-100 via IPSEC tunnel. This was working until yesterday but suddenly it stopped working since morning. There haven't been any changes on either side. Attached logs. ====> Failed SA...

kshukla by L1 Bithead
  • 162213 Views
  • 9 replies
  • 2 Likes

VM series firewall on AWS | subnet planning

I'm planning to deploy VM series on AWS cloud, however I need clarification on VM subnet selection. As per documentation, we have to attach 3 NICs in the VM, one each for Mgmt, WAN & LAN. My question is whether all NICs have to be in the same AZ, e.g. us-west-2a? I've designed 10.100.0.0/16 for VPC and 10.100.0.0/24, 10.100.2.0/24, 10.100.4.0/24 for 1a-,1...

  • 704 Posts
  • 107 Subscriptions