Auto Scaling PA Firewall VM Series in AWS integrated with GWLB
I am looking for an approach to auto scale PA Firewall in AWS using Terraform Code. Any inputs appreciated.
Welcome to the VM-Series in the Public Cloud discussion forum! This community exists as a resource for you to discuss VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud and Alibaba. We encourage you to engage in this rapidly growing community to share ideas, pose questions, and propose real-world solutions to any challenges that may arise.
Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to the VM-Series deployments on AWS, Microsoft Azure, Google Cloud Platform Oracle Cloud and Alibaba. Please use the information from this forum at your own risk and make sure to test and verify proposed solutions presented here. For information on contacting Palo Alto Networks support, click here.
I am looking for an approach to auto scale PA Firewall in AWS using Terraform Code. Any inputs appreciated.
I have to admit it, I love to create good examples that others can follow. I know the PAN team has published some great examples up on Github. But I figured I would publish my own example of how to deploy a VM-Series firewall in Azure using Terrafor
...
Hi,
Just checking if anyone has successfully deployed the latest HA mode "secondary-ip". Unfotunately the deployment guides can be described more as "guides" rather than detailed instructions. Furthermore they are fragmented so one has to scramble
...
Greetings All,
I have a very basic question and basic issue. I have Palo Alto up and running in my lab on AWS. I can connect to the Management Interface just fine. I have added eth1 to the the PA and configured the access for ping, ssh, https, etc
...
We are hitting a software limitation on the max number of IPsec Tunnels allowed for our VM-Series Next-Generation Firewall Bundle 2. This was purchased through AWS Marketplace and there is no clearly defined upgrade path for us to follow. The Palo Al
...
PA-VM
VM-300
9.0.8 to 9.0.10
vm_series-1.0.11
Sorry for the (probably) simple question, but I've never done a Software Version upgrade on a Palo VM before.
Other than the usual steps to update, what other considerations do I need to take into account?
...
We have 2 fw PA on AWS cloud. Each firewall is on their respective Zone. Currently, Zone B is shutdown.
The question is: We need to avoid turn on components in the zone B (due to our limited resources), but, we need to sync up boths firewalls. Requ
...
I would like to hear which approaches could be used to deploy and automatically deploy trusted root certificates for servers in the public cloud (Containers, Virtual machines, serverless functions) in order to decrypt its traffic.
Approved images for
G'day All,
I was wondering if anyone can guide me with an issue I am facing. We have Hub & Spoke model and want to have all Subnet to Subnet as well as VNET to VNET traffic to pass through PA.
SUBNETS:
Do I need to add them to the already exi
...
Hello all,
We have a Palo Alto VM-300 firewall in Azure which was deployed from the market place with a 40GB system disk.
To upgrade to PAN-OS 10.0 and above, the system disk needs to be a minimum of 60GB.
Has anyone done this before?
What is the best a
...
Hello all,
I am trying to configure Global Protect Portal on AWS using PA VM Series (10.1.5) using three interfaces and with swapped data/management interfaces as I am planning to put GWLB in front for ingress.
Anyhow I am following multiple guides i
For Azure VM-Series, can CPUID be the same per instance?
Customers say that 4-7 CPUIDs are all the same in the VM-Series.
The serial number is different for each instance, but can the CPUID be the same?
I know that CPUID is a unique value of VM-Series.
I tried deploying the vm series firewall in an Azure environment using the steps here
https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-azure/deploy-the-vm-series-firewall-on-azure-solution-templat
...
Hi Folks,
We have an PA-VM-100 series firewall deployed in the Azure cloud.
We have three NIC cards mapped to the firewall interfaces which is configured as below:
NIC card 1 <-----> Management interface
NIC Card 2 <----> Untrust interface(Ethernet 1/1
...
Hello,
Question about GWLB and sub-interface mapping. If I have 2 VPCs (VPC-Shared and VPC-Production) and I associate VPC-Shared with a GWLB Endpoint to sub-interface e1/1.100 on a zone also named VPC-Shared and VPC-Production with an endpoint to e
...Subject | Likes |
---|---|
1 Like | |
1 Like | |
1 Like |