You can deploy the VM-Series firewall on Azure using
templates. Palo Alto Networks provides two kinds of templates:
Solution Templates in the Azure Marketplace
solution templates that are available in the Azure Marketplace allow
you to deploy the VM-Series firewall using the Azure portal. You
can use an existing resource group and storage account (or create
them new) to deploy the VM-Series firewall with the following default
settings for all regions except Azure China:
CIDR 192.168.0.0/16; you can customize the CIDR to a different private
IP address range.
Three subnets— 192.168.0.0/24 (management), 192.168.1.0/24
(untrust), 192.168.2.0/24 (trust)
Three network interfaces, one in each subnet. If you customize
the VNet CIDR, the subnet ranges map to your changes.
to Marketplace based deployments, Palo Alto Networks provides Azure
Resource Manager templates in the GitHub Repository to simplify
the process of deploying the VM-Series firewall on Azure.
the ARM Template to Deploy the VM-Series Firewall—The basic
ARM template includes two JSON files (a Template file and a Parameters
File) to help you deploy and provision all the resources within
the VNet in a single, coordinated operation. These templates are
provided under an as-is, best effort, support policy.
you want to use the Azure CLI to locate all the images available
from Palo Alto Networks, you the need the following details to complete
the command (show vm-image list):
SKU: byol, bundle1, bundle 2
Version: 8.0.0, 7.1.1 or latest
the VM-Series and Azure Application Gateway Template to support
a scale out security architecture that protects your internet-facing
web applications using two VM-Series firewalls between a pair of
(external and internal) Azure load balancers VM-Series and Azure
Application Gateway. This template is currently not available for