VM-Series License limits - Virtual Routers

L1 Bithead

VM-Series License limits - Virtual Routers

I have seen documentation outlining the differences in the number of Rules, VPNs, sessions and zones for each VM-Series license, but I think there are also limits on the number of Virtual Routers you can create on each VM license.

Is there any documentation to illustrate this difference?

This is necessary information if you are deploying the Load Balanced Transit VNet and you may need more than 2 Virtual Routers.

Thanks.

L4 Transporter

Re: VM-Series License limits - Virtual Routers

Keep in mind that before licensing VM-Series the no-license VR limit is 2.

https://www.paloaltonetworks.com/products/product-comparison.html?chosen=vm-100,vm-300,vm-500

Virtual routers 20 10 3

L4 Transporter

Re: VM-Series License limits - Virtual Routers

The VR limit per license type can be viewed here.

https://www.paloaltonetworks.com/products/product-selection.html#

The limit on a VM-300 is 10 VRs. With that said, you generally shouldn't need more than two. You should route all internal traffic through the same interface with the HA Port LB. If you try to Zone Policy that traffic, you will need SNAT. Azure maintains persistence on a 1-arm routing mode only. We touch on this in the East-West component of the reference architecture.

https://www.paloaltonetworks.com/resources/reference-architectures/azure

L1 Bithead

Re: VM-Series License limits - Virtual Routers

I have seen and followed the Reference Architecture guides and they are very helpful. When I was testing it out, I had a VM-100 license, and I was pretty sure it limited me to two Virtual Routers, but this comparison tool says it allows 3. Can you confirm it is 3?

The only reason I ask is that we have a customer that deployed their VM-Series with Untrust, Trust and VPN segments, and three Load Balancers: a Load Balancer on each segment.

So with that I was thinking it would be best to have a Virtual Router for each segment so that the Probes from the Azure Load Balancer are routed back to the LB.

Anyways, if you are able to confirm that the VM-100 supports 2 or 3, that would be great.

Thanks,
