GCP

Welcome to the Palo Alto Networks VM-Series on GCP resource page. Here you will find information about VM-Series on GCP to help you get started or find advanced architecture designs and other resources to help accelerate your VM-Series deployment. Engage the community and ask questions in the discussion forum below.

VM-Series on GCP Deployment Resources

Welcome to the Palo Alto Networks VM-Series on GCP resource page. Here you will find information about VM-Series on GCP to help you get started or find advanced architecture designs and other resources to help accelerate your VM-Series deployment. Engage the community and ask questions in the discussion forum below.

Software Firewall Orchestration Hub

How to Videos and Tutorials

Getting Started with Google IDS

Palo Alto Networks LIVEcommunity

VM-Series on GCP: Deploying the Two-Tiered Template

Palo Alto Networks LIVEcommunity

Basic IPSec VPN Configuration with PAN-OS

Palo Alto Networks LIVEcommunity

VM-Series Deployment: Bootstrapping Basics

Palo Alto Networks LIVEcommunity

Bootstrapping the VM-Series on GCP

Palo Alto Networks LIVEcommunity

Reference Architectures/How to Guides

Ignite User Conference Session Recordings

Overview Videos & Whitepapers

VM-Series on GCP

VM-Series on GCP Deployment Guidelines

KnowledgeBase Articles

SF KB Review the GCP articles posted in our Knowledge Base

Note: In order to view ALL of the articles in this section and to engage in discussions on this platform, you must register for an account on LIVEcommunity. Some articles may not be viewable to unregistered users.

Register for a LIVEcommunity account

Customer Support Portal Resource

Go to Customer Support Portal to Create a Case online

Note: In order to create a case, please create or active an account and register your device, which can be done in the Customer Support Portal. This area provides product support for all Palo Alto Networks Customers.

Login to the Customer Support Portal

Digital Learning Courses

Access Palo Alto Networks learning platform to gain free technical insights and educational materials across our full suite of products.

Please note: SSO login is necessary to access the content.

Software Firewalls Features

Templates, Scripts and Deployment Resources

High Availability/Managed Scale

Managed Scale

Load balancer sandwich with the VM-Series

Uses a Terraform template to a load balancer sandwich, web servers and VM-Series firewalls.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/GCP-Terraform-Samples/tree/master/LB-Sandwich

Star16

Fork27

Managed Scale for GKE Environments

GKE load balancer sandwich with the VM-Series

Uses a Terraform template to a GKE load balancer sandwich and VM-Series firewalls.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/GCP-Terraform-Samples/tree/master/GKE-LB-Sandwich

Star16

Fork27

Security for GKE Environments (Containers)

Two-Tier containerized application on GKE secured by VM-Series

This provides the instructions and Terraform template to deploy a GKE cluster and VM-Series firewall in a GCP project. It then guides users through the process of deploying a 2-tier containerized application with an internal load balancer. Finally the lab shows how both North/South and East/West visibilty can be achieved via the VM-Series firewall located in the same GCP project as the GKE cluster.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/GCP-k8s-north-south-inspection-and-east-west-visibility

Star8

Fork6

Two-Tier Sample

Two-Tier GCP Template

Two tier application environment protected by VM-Series

Uses a GCP template to deploy a two-tiered web server/DB application environment protected by a bootstrapped VM-Series firewall.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/googlecloud/tree/master/two-tier-template

Star11

Fork10

Two-Tier Terraform Template

Two tier application environment protected by VM-Series

Uses a Terraform template to deploy a two-tiered web server/DB application environment protected by a bootstrapped VM-Series firewall.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/GCP-Terraform-Samples/tree/master/Two-Tier

Star16

Fork27

Terraform, Ansible and Other Automation Resources

Ansible

Ansible Modules

Palo Alto Networks Ansible Modules

Ansible modules that automate configuration and operational tasks on Palo Alto Networks physical or virtualized firewalls. The underlying protocol uses API calls that are wrapped within Ansible framework.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/ansible-pan

Star231

Fork164

Terraform

Terraform Provider

Provider for PAN-OS

Automates various configuration and policy aspects of the Palo Alto Networks physical or virtualized next generation firewalls and Panorama.

Palo Alto Networks Community Supported

https://www.terraform.io/docs/providers/panos/index.html

Terraform Templates

Palo Alto Networks Repository of Terraform Templates to Secure Workloads on AWS and Azure

Terraform Templates that deploy 3-tier and 2-tier applications along with VM-Series firewalls on AWS and Azure.

The templates provided in these repositories provide best practice guidelines to deploy workloads on public cloud platforms and to secure these workloads using the VM-Series firewall.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/terraform-templates

Star157

Fork154

Palo Alto Networks Device Framework

Palo Alto Networks Device Framework

A framework for interacting with Palo Alto Networks devices (including Next-generation Firewalls and Panorama) using the device API that is object oriented and conceptually similar to interaction with the device via the GUI or CLI.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/pandevice

Star369

Fork178

IronSkillet Day One Configuration Tool

IronSkillet Templates

A set of day one configuration templates and code snippets that enable the assembly of full config files or modification of existing policies that can be used to bootstrap a firewall, imported directly to a firewall or through Panorama.

Palo Alto Networks Community Supported

https://live.paloaltonetworks.com/t5/Community-Blog/Getting-Started-with-IronSkillet-Best-Practices-Templates/ba-p/233175

PANHandler Config Management Tool

PANHandler Config Templates

Enables management and sharing of full PAN-OS device configurations, or a set of configuration elements.

Palo Alto Networks Community Supported

https://panhandler.readthedocs.io/en/latest/

PAN-OS Bootstrapper Tool

PAN-OS Bootstrapper Archive Package

A tool to quickly build all required files to bootstrap a Pala Alto Networks NGFW device. This usually requires a customized bootstrap.xml, init-cfg.txt, and a license file. The output will be an archive package, either ISO or ZIP, with all required files fully compiled from the supplied templates and input variables.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/panos-bootstrapper

Star14

Fork10

PAN-OS Flexible Cloud Automation

Flexible Cloud Automation Tool (FCA)

Enables users to create public cloud templates using data about the deployment beyond architecture diagrams. FCA will deploy (and configure) the VM-Series along with all the supporting components such as, route tables, load balancers, all networking components, IPSEC tunnels, and security groups.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/pan-fca

Star28

Fork30

Discussions

Need answers? Register or Sign-in to Engage, Share, and Learn.

Author	Topic	Views	Replies
isobrado 01-07-2025	Palo Alto Firewall in Azure backup Got some PA-VM-FLEX in GCP and Azure. I could create a backup routine for the GCP ones, but, I can't complete a backup for the Azure one. Found s...	1567	2
gautamthakur 09-11-2024	Required CSSP ID for Palo Alto device hosted on GCP Contains an image We need to access support for Palo Alto, for that we're registering our devices to the Palo Alto portal and for that we need CSSP reference Id whic...	1085	2
dkane66 03-13-2024	GCP Commits Taking long time We have a couple VM-Flex(8-CPU) firewalls in GCP. Over time the commit times on these boxes have been going up. At this point they take nearly 30mi...	1647	0
Mitesh_Nandu 01-17-2023	GCP External Load Balance Contains an attachment Hello Everyone, We have deployed Two PA-VM in GCP. In GCP we have created External HTTP Load Balance (ELB) & Internal Load Balance. Via extern...	2805	0
Mitesh_Nandu 01-11-2024	GCP VPC Peering Contains an image Contains an attachment Hi, We are deploying PA VM in GCP (Common Firewall Deployment Architecture). Deployment Architecture is attached. In Trust VPC we have config...	3144	1
Mitesh_Nandu 01-11-2024	High Availability on Public Cloud Hi, Does any one has implemented Palo Alto NGFW in HA on GCP. If yes, than what will be the requirement for the same.	6453	7
Mitesh_Nandu 01-11-2024	A/A HA on GCP Does any one has deployed PA-VM in Active/Active HA.	2760	1

Blogs

VM-Series Virtual Next-Generation Firewalls with Session Resilience in Google Cloud Platform (GCP) Contains an image Contains a hyperlink

03-27-2024 — Have you wanted the ability to auto-scale your Palo Alto Networks VM-Series Virtual Next-Generation Firewall, but also have session resiliency in the case of failover? With the release of Cosmos PAN-OS 11.1, your firewalls can now auto-scale and h... — Read more

Labels: Architecture GCloud GCP ngfw Session Resilience VM-Series
3198 by tzahroof in Community Blogs

Integrating Google Security Command Center (GSCC) with XSIAM Contains an image Contains a hyperlink

12-15-2023 — One of the key features of XSIAM is its integration with Google Cloud Platform (GCP), which enables customers to centralize visibility into security and compliance risks on GCP. By integrating XSIAM with Google Security Command Center (GSCC), cust... — Read more

Labels: Command Center GCP gscc Integration SCC XSIAM
3764 by emgarcia in Community Blogs

New Features in the August 2022 Cloud Integration Releases Contains an image Contains a hyperlink

09-20-2022 — Find out about the new features of the August 2022 Cloud Integration Release. — Read more

Labels: AWS Cisco ACI Cloud CN-Series GCP Panorama plugin
5982 1 by kiwi in Community Blogs

Cloud IDS: Threat Detection Service Like Never Before Contains an image Contains a hyperlink

07-29-2021 — We've partnered with Google Cloud to natively protect the applications you build in the cloud with industry-leading security controls. — Read more

Labels: GCP google google cloud platform Strata Firewall Threat Prevention VM-Series
8964 1 by Susaant in Community Blogs

April VM-Series and CN-Series Updates Contains an image Contains a hyperlink

04-20-2021 — We are pleased to announce several new features, plugins and qualifications for software firewalls. We also released the VM-Series Plugin 2.0.6 and Pan OS 10.0.5 MR release, addressing several known issues. Read on for news about AWS overlay routi... — Read more

Labels: AWS Azure CN-Series GCP Hybrid Cloud NSX Panorama Terraform
10344 3 by japatel in Community Blogs

Articles

Connect your Cloud Platform (GCP) to Prisma Cloud

05-01-2024 — Demo Agenda: Connect your Cloud Platform (GCP) to Prisma Cloud Prerequisites: Admin access to GCP Console.Admin access to SAAS console. — Read more

Labels: Cloud Security Connect your Cloud Platform (GCP) to Prisma Cloud GCP Prisma Cloud
2573 2 by rsingh in Prisma Cloud Videos

Keeping Your Google Cloud VPC Networks Highly Resilient and Secured Contains an image Contains a hyperlink

07-10-2023 — This document describes the use-cases, architecture design and traffic flows for Palo Alto Networks VM-Series deployed in Active-Passive mode in Google Cloud. — Read more

Labels: GCP google cloud platform VM-Series VM-Series on GCP
11562 3 2 by emgarcia in General Articles

Implement Google Cloud Organization Restrictions Contains an image Contains a hyperlink

05-03-2023 — Introduction Security administrators can use Google Cloud IAM to control who can access resources within a Google Cloud organization. However, companies may require the ability to restrict access to resources and APIs that reside in different Google Cloud organizations. The combination of Palo A... — Read more

Labels: GCP google google cloud platform PAN-OS
8505 by mmclimans in General Articles

September 2022 - Monthly Product Management Office Hours - CIEM GCP support

09-21-2022 — As organizations increasingly adopt Infrastructure-as-a-Service (IaaS) models for cloud development, the number of entities that are granted access to critical infrastructure necessarily grows as well. However, organizations must ensure these enti... — Read more

Labels: Cloud Security Cloud Security Posture Management (CSPM) GCP Infrastructure-as-a-Service (IaaS) Prisma Cloud offers Cloud Infrastructure Entitlement Management (CIEM)
3293 by RPrasadi in Prisma Cloud Videos