- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-26-2023 05:09 AM - edited 10-26-2023 05:10 AM
In the deployment guides and conversations I've had it seems that the PA-VM firewall in Azure is typically designed around only four interfaces: trust, untrust, mgmt, HA. Two zones only: Trust/Untrust. Subnets used to isolate traffic.
In my on-prem setups I've always had zones associated with either the interfaces or VLANs on those interfaces to help differentiate application of policies. I feel like it makes in plainly obvious in the policy where that traffic is coming from and going but prevents inadvertently allowing something you don't want allowed.
I'd prefer to keep the ability to use the zones vs subnets and subnet groups. Is there a way to create another Zone for a subnet within Azure? I don't believe VLAN's are available in Azure so that options seems out. I'd like to setup a DMZ zone since that just seems more elegant to use and easier to read when looking at Policies.
Palo support had suggested adding another interface but that doesn't seem like an option nor does it seem advisable based on what is considered a standard setup in Azure. The VM that the PA-VM runs on right now too is limited to four interfaces.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!