>
    Strata Copilot
    Minimum System Requirements for the VM-Series Firewall on GCP
    Focus
    Download PDF
    Focus
    1. Home
    2. VM-Series
    3. VM-Series Firewall on Google Cloud Platform
    4. Minimum System Requirements for the VM-Series Firewall on GCP
    Download PDF
    VM-Series

    Minimum System Requirements for the VM-Series Firewall on GCP

    Table of Contents

    Minimum System Requirements for the VM-Series Firewall on GCP

    Review the minimum system requirements for a VM-Series firewall on the Google Cloud Platform.
    Where Can I Use This?What Do I Need?
    • Google Cloud Platform (GCP)
    • VM-Series License (PAYG or BYOL)
    • VM-Series plugin
    • Panorama
    • Panorama plugin for GCP
    Choose a VM-Series Firewall Licenses for Public Clouds and a license method: Bring your own license (BYOL) or pay-as-you-go (PAYG). To deploy a VM-Series firewall on a Google Compute Engine instance, you must choose a machine type that supports the VM-Series System Requirements for your license.
    A single Google Compute Engine instance supports up to eight network interfaces. If you want to configure eight interfaces, choose n1-standard-8 or a larger machine type.
    CapacityBYOLBundles 1 and 2
    PAYGMarketplace
    VM-100 firewall
    		  
    VM-200 firewall
    		  
    VM-300 firewall
    VM-1000-HV firewall
    		  
    VM-500 firewall
    		  
    VM-700 firewall
    		  
    The VM-Series firewall supports the predefined standard machine types listed below. You can choose a higher performing machine type or you can create your own custom machine type if the resource requirements are compatible with your VM-Series firewall license.
    • n1-standard-4
    • n1-standard-8
    • n1-standard-16
    • n2-standard-4
    • n2-standard-8
    • n2-standard-16
    • n2-standard-32
    Custom Machine Types:
    • e2-standard-4
    • e2-standard-8
    • e2-standard-16
    • e2-standard-32

    General Requirements

    The components in this checklist are common to deploying a VM-Series firewall that you manage directly or with Panorama. Additional requirements apply for the Panorama plugin for services such as Stackdriver monitoring, VM monitoring, auto scaling, or securing Kubernetes deployments.
    Always consult the Compatibility Matrix for Panorama plugin information for public clouds. This release requires the following software:
    • GCP account—You must have a GCP user account with a linked email address and you must know the username and password for that email address.
    • Google Cloud SDK—If you have not done so, install Google Cloud SDK, which includes Google Cloud APIs, gcloud and other command-line tools. You can use the command-line interface to deploy the firewall template and other templates.
    • PAN-OS on VM-Series firewalls on GCP—VM-Series firewalls running a PAN-OS version available from the Google Marketplace.
      • VM-Series firewalls—you can deploy the VM-Series firewalls that you want to manage from Panorama, through the Google Cloud Platform using a Palo Alto Networks image from the Google Marketplace.
      • VM-Series Licenses—You must license a VM-Series firewall to obtain a serial number. You will need a serial number to add a VM-Series firewall as a Panorama managed device. If you're using the Panorama plugin for GCP to deploy VM-Series firewalls you must supply a BYOL auth code. The Google Marketplace handles your service billing, but the firewalls you deploy will directly interface with the Palo Alto Networks licensing server.
      • VM-Series plugin on the firewallVM-Series firewalls running PAN-OS 9.0 and later include the VM-Series plugin, which manages integration with public and private clouds. As shown in the Compatibility Matrix, the VM-Series plugin has a minimum version that corresponds to each PAN-OS release.
        The VM-Series plugin version is automatically upgraded following a major PAN-OS upgrade. For minor releases it's up to you to determine whether a VM-Series plugin upgrade is necessary, and if so, perform a manual upgrade. See Install the Panorama Plugin for GCP.
    • Panorama running in Management mode—A Panorama physical or virtual appliance running a PAN-OS version that is the same or later than the managed firewalls. Virtual instances don't need to be deployed in GCP.
      • You must have a licensed version of Panorama.
      • Panorama must have network access to the VPCs in which the VMs you want to manage are deployed.
      • If you intend to manage VMs deployed in GCP, or configure features such as auto scaling, your PAN-OS, and VM-Series plugin versions must meet the Public Cloud requirements to support the Panorama plugin for GCP.
      • VM-Series plugin on Panorama. See Install the Panorama Plugin for GCP
    • Panorama plugin for GCP version 2.0.0—The GCP plugin manages the interactions required to license, bootstrap, and configure firewalls deployed with the VM Monitoring or auto scaling templates. The GCP plugin, in conjunction with the VM Monitoring or auto scaling templates, uses Panorama templates stacks, and device groups to program NAT rules that direct traffic to managed VM-Series firewalls.
      See Install the Panorama Plugin for GCP.

    © 2026 Palo Alto Networks, Inc. All rights reserved.