PA-VM in Azure - multiple Zones? (e.g. DMZ, Trust, Untrust, etc.)


In the deployment guides and conversations I've had, it seems that the PA-VM firewall in Azure is typically designed around only four interfaces: trust, untrust, mgmt, HA. Two zones only: Trust/Untrust. Subnets are used to isolate traffic.

In my on-prem setups I've always had zones associated with either the interfaces or VLANs on those interfaces to help differentiate application of policies. I feel like it makes it plainly obvious in the policy where that traffic is coming from and going, but prevents inadvertently allowing something you don't want allowed.

I'd prefer to keep the ability to use the zones vs subnets and subnet groups. Is there a way to create another Zone for a subnet within Azure? I don't believe VLANs are available in Azure, so that option seems out. I'd like to set up a DMZ zone since that just seems more elegant to use and easier to read when looking at policies.

Palo support had suggested adding another interface, but that doesn't seem like an option, nor does it seem advisable based on what is considered a standard setup in Azure. The VM that the PA-VM runs on right now, too, is limited to four interfaces.
