VM-Series Next Generation Firewall
VM-Series for Azure complements native security features by uniquely classifying and controlling Azure traffic based on application identity, not the port, then applying Threat Prevention policies to prevent cyberattacks. Native management features including an API and Bootstrapping, can automate deployments and policies while Panorama (purchased separately) delivers centralized management of both virtual and hardware firewalls for policy consistency.
The VM-Series can be deployed to support the following use cases:
Hybrid cloud to securely extend your existing data center into Azure
Segmentation of applications and data – both inter-subnet and VNET-to-VNET
Gateway perimeter protection for Internet facing applications
GlobalProtect to extend security policies to remote users and devices
When deployed from Azure Marketplace, a VM-Series virtual machine is created with multiple network interfaces, you can select new or existing resource group, storage account, VNET with three subnets (MGMT, Untrust and Trust). Then configure VM-Series and create Azure user-defined rules (UDR) to force all packets from the Trust and Untrust subnets through firewall. For documentation and ARM templates please see http://azure.paloaltonetworks.com