About dmaynard

PLUG-7780 - When the monitoring definition service principle for VM monitoring in Azure is configured correctly on the Panorama plugin for Azure 3.0.x with PAN-OS 10.0.x, the service principal validation check displays as failed under  Panorama > Azure > Setup > Service Principal . Please find the list of actions/permissions required to support monitoring for the Azure 3.0.1 plugin below:   The list of permissions required to enable monitoring are as below: "actions": [ "Microsoft.Compute/virtualMachines/read", "Microsoft.Network/networkInterfaces/read", "Microsoft.Network/virtualNetworks/read", "Microsoft.Network/locations/serviceTags/read", "Microsoft.Network/loadBalancers/read", "Microsoft.Resources/subscriptions/resourcegroups/read", "Microsoft.Network/publicIPAddresses/read" ]   With these permissions assigned to a service principal, validation will fail but the monitoring functionality is not affected and the 3.0.1 plugin will continue to function as designed. ... View more

Not at this time but is on roadmap and can consult SE for more info. ... View more

A return route in the FW virtual router for the peered vnet. Security rule allowing traffic NAT if required ... View more

Deploying from custom image or marketplace?   May have old product code if using custom image and needs to be updated. ... View more

Sure not using a deployment profile for 10.0.4 or higher and using auth for older PAN-OS? What version of PAN-OS are your deploying on? Where are you deploying PAVM?   ... View more

Unsupported VPC peering configurations https://docs.aws.amazon.com/vpc/latest/peering/invalid-peering-configurations.html#transitive-peering ... View more

Azure VM backup is not supported on Palo VMs. ... View more

Keep in mind that before licensing VM-Series the no-license VR limit is 2.   https://www.paloaltonetworks.com/products/product-comparison.html?chosen=vm-100,vm-300,vm-500   Virtual routers 20 10 3 ... View more

Would look into using Panorama VMware vCenter plugin which can pull vDS info.   https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-a-vm-series-firewall-on-an-esxi-server/vm-monitoring-on-vcenter/about-vm-monitoring-on-vmware-vcenter.html ... View more

@jmeurer Transit VPC is community supported not TAC supported.   For additional clarification: As this is related to route propagation with the VM-Series firewall it would be TAC supported for assistance within the PA-VM.    Issues related to deployment and automation for transit Arch would open issue in github. For assistance open issue in github. https://github.com/PaloAltoNetworks/aws-transit-vpc       ... View more

https://docs.paloaltonetworks.com/compatibility-matrix/panorama/panorama-hypervisor-support     ... View more

Is Subnet 2 a gateway subnet? ... View more