VM-Series Firewall on Google Cloud Platform

Deploy the VM-Series firewall on a Google Compute Engine instance.
Where Can I Use This?
  • Google Cloud Platform (GCP)
What Do I Need?
  • VM-Series License (PAYG or BYOL)
  • VM-Series plugin
  • Panorama
  • Panorama plugin for GCP
VM-Series firewalls bring next-generation firewall features to the Google® Cloud Platform™ (GCP). To maximize performance, VM-Series firewalls on GCP support the Data Plane Development Kit (DPDK) libraries, which provide fast packet processing and improve network performance based on specific combinations of VM-Series firewall licenses and Google Cloud Platform virtual machine (VM) sizes.
The VM-Series firewall integration with GCP allows you to deploy the VM-Series firewall as a virtual machine (VM) running on a Google Compute Engine instance. For a simplified process, see Deploy the VM-Series Firewall from Google Cloud Platform Marketplace. After you deploy the VM-Series firewall, you can configure the following optional services:
You can deploy the VM-Series firewall on a Google® Compute Engine instance in a network in your virtual private cloud (VPC). The deployment types are:

Internet Gateway

The VM-Series firewall secures north-south traffic to and from the internet to protect applications from known and unknown threats. A Google project can have up to five VPC networks. For a typical example of an internet gateway, refer to the Google configuration examples.
In public cloud environments, it's a common practice to use a scale-out architecture (see the figure below) rather than larger, higher-performing VMs. This architecture (sometimes called a sandwich deployment) avoids a single point of failure and enables you to add or remove firewalls as needed.

Segmentation Gateway

A segmentation gateway secures east-west traffic between virtual private clouds (VPCs) to ensure data protection compliance and application access. The following figure shows a firewall securing both north-south and east-west traffic.

Hybrid IPSec VPN

The VM-Series firewall serves as an IPSec VPN termination point, which enables secure communications to and from applications hosted on the Google Cloud Platform (GCP).
The deployment in the figure below shows a site-to-site VPN from an on-premises network to a VM-Series firewall deployed on GCP and an IPSec connection from an on-premises network to a Google Cloud VPN gateway.