: VM-Series Firewall Templates on Azure
Focus
Focus

VM-Series Firewall Templates on Azure

Table of Contents
End-of-Life (EoL)

VM-Series Firewall Templates on Azure

You can deploy the VM-Series firewall on Azure using templates. Palo Alto Networks provides two kinds of templates—Solution templates and ARM templates.
  • Solution Templates in the Azure Marketplace —The solution templates that are available in the Azure Marketplace allow you to deploy the VM-Series firewall using the Azure portal. You can use an existing resource group and storage account (or create them new) to deploy the VM-Series firewall with the following default settings for all regions except Azure China:
    • VNet CIDR 10.8.0.0/16; you can customize the CIDR to a different private IP address range.
    • Three subnets— 10.8.0.0/24 (management), 10.8.1.0/24 (untrust), 10.8.2.0/24 (trust)
    • Three network interfaces, one in each subnet. If you customize the VNet CIDR, the subnet ranges map to your changes.
  • ARM Templates in the GitHub Repository—In addition to Marketplace based deployments, Palo Alto Networks provides Azure Resource Manager templates in the GitHub Repository to simplify the process of deploying the VM-Series firewall on Azure.
    • Use the ARM Template to Deploy the VM-Series Firewall—The basic ARM template includes two JSON files (a Template file and a Parameters File) to help you deploy and provision all the resources within the VNet in a single, coordinated operation. These templates are provided under an as-is, best effort, support policy.
      If you want to use the Azure CLI to locate all the images available from Palo Alto Networks, you the need the following details to complete the command (show vm-image list):
      • Publisher: paloaltonetworks
      • Offer: vmseries-flex
      • SKU: byol, bundle1, bundle 2
      • Version: 10.0.0, or latest
    • Deploy the VM-Series and Azure Application Gateway Template to support a scale out security architecture that protects your internet-facing web applications using two VM-Series firewalls between a pair of (external and internal) Azure load balancers VM-Series and Azure Application Gateway. This template is currently not available for Azure China.
    • Use the ARM template to deploy the VM-Series firewall in to an existing Resource Group, for example when you want to Set up Active/Passive HA on Azure.
In addition to the ARM templates above that are covered under the Palo Alto Networks official support policy, Palo Alto Networks provides Community supported templates in the Palo Alto Networks GitHub repository that allow you to explore the solutions available to jumpstart your journey in to cloud automation and scale on Azure.