firewall deployment in Azure Vmware solution (AVS)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

firewall deployment in Azure Vmware solution (AVS)

L3 Networker

Hi All ,

 

We are exploring options to deploy PA VM series firewall in  AVS setup .

 

Could you please share any document which we can refer to start our deployment .

 

Thanks ,

 

4 REPLIES 4

Cyber Elite
Cyber Elite

@deepak12,

Azure's VMware solutions is just baremetal VMware. You'll want to decide if you are actually going to utilize NSX-T or not, but since you're paying for it as part of your subscription I would recommend it personally. You'll want to take a look at the following deployment guides as a starting point. 

 

https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-a-vm-series-firewall-on-...

https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-o...

 

@BPry ,

Thanks , i will check on this. For AVS related can see  below  , so want to check still you recommend for NSX-T as if we go with NSX 3.2.0 version need to deploy Panorama on-prem ?

=========================================================================================

When using the Panorama plugin for VMware NSX 3.2.0, Panorama must be deployed on-prem, not in any public cloud environment, to manage VM-Series firewalls on AVS. This requires a VPN connection between your on-prem Panorama and your public VNet and an ExpressRoute between your public VNet and NSX-T Manager on AVS.

=========================================================================================

@BPry

 

Could you please suggest on below :

 

For NSX-T if we go with NSX 3.2.0 version ,  need to deploy Panorama on-prem ?

=========================================================================================

When using the Panorama plugin for VMware NSX 3.2.0, Panorama must be deployed on-prem, not in any public cloud environment, to manage VM-Series firewalls on AVS. This requires a VPN connection between your on-prem Panorama and your public VNet and an ExpressRoute between your public VNet and NSX-T Manager on AVS.

=========================================================================================

 

L0 Member

Did you were able to deploy Palo VM inside AVS?   Did you used ESX or NSX-T Service insertion mode?  

 

I have tried NSX-T Service insertion mode on AVS we were not able.  Connection to NSX manager was ok, however when trying to deploy  the service, it was asking for the attachment point and none was available, it seems tier0 was not an option as its on active/active and even creating a tier1 it didn't allowed us to select it as an attachment point,  so not sure if I'm doing something wrong or if this is a limitation of NSX-T on AVS.  

 

Any suggestion or feedback is welcome. 

 

thanks

  • 4986 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!