For details on cookie usage on our site, read our Privacy Policy
Deploy PA firewall HA in different availability zone in Azure
- LIVEcommunity
- Discussions
- Network Security
- VM-Series in the Public Cloud
- Deploy PA firewall HA in different availability zone in Azure
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Deploy PA firewall HA in different availability zone in Azure
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-10-2021 01:14 AM
Hi all
Understand PA HA deployment supported since PAN-OS 9.0, so firewall pair can be deployed in the availability set so they are in different hardware cluster in Azure. But may I know anyone tried to form the HA in different availability zone in the same Azure region? Support or not?
Best regards
Alex Tsang
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-12-2021 12:22 PM
We recommend deploying firewalls in separate AZs or at least put them into an Availability Set in Azure. HA mode is supported as well but not typically recommended. The load balancer method is recommended. You can see both setups in our reference architecture guide. https://www.paloaltonetworks.com/resources/guides/azure-architecture-guide
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-21-2021 09:31 PM
From what i can see, the issue is that the VM-series firewall available from Azure Marketplace does not facilitate choosing an Availability Zone. And once the firewall is created, there is no reasonable way to move it into an AZ.
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-21-2021 10:47 PM
I would also like to know how to install it as the only method of deployment in Azure I know of is through marketplace..
Or is there some kind of ovf file provided which we can use for installation.
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-21-2021 11:13 PM
Good morning @raji_toor and @JimMcGrady
The Azure Marketplace offering has limited features and you can't deploy two firewalls over the marketplace in a single Ressource Group.
That why we are using Terraform templates or ARM templates. Below are the link to the ARM Templates with the examples how to use it.
ARM Templates: https://github.com/wwce/azure-arm
Terraform provider: https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/azurerm/latest
How to setup HA in Azure: https://docs.paloaltonetworks.com/vm-series/10-0/vm-series-deployment/set-up-the-vm-series-firewall-...
i hope i could help you.
Regards,
Torsten
- Integration of Palo Alto Firewall with Cortex XDR in Next-Generation Firewall Discussions
- AIops is not showing any data in AIOps for NGFW Discussions
- Firewall whitelist in Next-Generation Firewall Discussions
- OID for network bandwidth usage in kbps in Next-Generation Firewall Discussions
- URL mapping or forwarding in Palo Alto Firewall via GP in GlobalProtect Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
