>
    Strata Copilot
    Deploy the VM-Series Firewall on Cisco CSP
    Focus
    Download PDF
    Focus
    1. Home
    2. VM-Series
    3. Deploy the VM-Series Firewall on Cisco CSP
    Download PDF
    VM-Series

    Deploy the VM-Series Firewall on Cisco CSP

    Table of Contents

    Deploy the VM-Series Firewall on Cisco CSP

    Deploy the VM-Series firewall on the Cisco Cloud Security Platform
(CSP) with the VM-Series base image from Palo Alto Networks Customer Support Portal.
    Where Can I Use This?What Do I Need?
    • Cisco CSP
    • VM-Series plugin
    • Panorama
    • VM-Series licenses
    • Panorama plugin for Cisco CSP
    You can deploy the VM-Series firewall as a network virtual service on the Cisco Cloud Security Platform (CSP). Since the Cisco CSP runs on the RHEL KVM platform, you can deploy the VM-Series firewall using the VM-Series firewall for a KVM base image.
    With the VM-Series firewall on Cisco CSP, you can protect your workloads, prevent advanced threats, and improve visibility into the applications on your virtual network.
    System Requirements
    You can create and deploy multiple instances—standalone or as an HA pair—of the VM-Series firewall on your Cisco CSP.
    • See the Compatibility Matrix for supported versions of Palo Alto Networks Customer Support Portal and PAN-OS.
    • Bootstrap Package converted to an ISO file.
    • See VM-Series System Requirements for the minimum hardware requirements for your VM-Series model.
      The VM-Series firewall on Cisco CSP supports all VM-Series models except the VM-50.
    • Minimum of two network interfaces (vNICs). One is a dedicated vNIC for the management interface and one is for the data interface. You can then add up to eight more vNICs for data traffic.
    • SR-IOV and packet MMAP mode only; DPDK isn't supported.
    Follow the steps below to deploy the VM-Series firewall as a service on Cisco CSP.
    1. Download the VM-Series qcow2 base image file from the Customer Support Portal.
    2. Create a Bootstrap Package for your VM-Series firewall. Create an ISO file containing the bootstrap package using your preferred tool.
    3. Log in to the Cisco CSP web interface.
    4. Upload the VM-Series firewall qcow2 image and ISO file.
      1. Select ConfigurationRepository.
      2. Click the plus (+) icon.
      3. Select Browse and navigate to your qcow2 file.
      4. Select Upload.
      5. Select Browse and navigate to your ISO file.
      6. Select Upload.
    5. Create the VM-Series firewall service.
      1. Enter a descriptive Name for the VM-Series firewall.
      2. Select the Target Host Name.
      3. Select the qcow2 file you uploaded from the Image Name.
      4. Select the Day Zero Config.
        1. Select the bootstrap ISO file in Source File Name.
        2. Select Submit.
      5. Allocate the number of cores and memory required for your VM-Series firewall.
      6. Add enough vNICs to support the number of VM-Series interfaces configured in your bootstrap ISO file.
      See the Cisco Cloud Service Platform documentation for more information about creating and deploying a service instance.
    6. After the bootstrap process is complete, log in to your VM-Series firewall using the management IP address you specified in the bootstrap ISO file.
      The firewall should be up and configured based on the parameters you defined in the bootstrap package.

    © 2026 Palo Alto Networks, Inc. All rights reserved.