
Palo Alto Networks VM-50
Virtualized Next-Generation Firewall
Palo Alto Networks Products
Palo Alto Networks VM-Series
Click here to jump to more pricing!
Overview:
The VM-Series supports the exact same next-generation firewall and advanced threat prevention features available in our physical form factor appliances, allowing you to safely enable applications flowing into, and across your private, public and hybrid cloud computing environments.
Automation features such as VM monitoring, dynamic address groups and a REST-based API allow you to proactively monitor VM changes dynamically feeding that context into security policies, thereby eliminating the policy lag that may occur when your VMs change.
The VM-Series Virtualized Next-Generation Firewall
Protect applications and data deployed across a wide range of public cloud, virtualization, and NFV environments.
- Identify and control applications, grant access based on users, and prevent known and unknown threats.
- Segment mission-critical applications and data using Zero Trust principles to improve security posture and achieve compliance
- Centrally manage policies across both physical and virtualized firewalls to ensure consistent security posture.
- Streamline workflow automation to ensure that security keeps pace with the rate of change in your cloud.
The VM-Series: Protect Any Cloud
Organizations are quickly adopting multi-cloud architectures as a means of distributing risk and taking advantage of the core competencies of different cloud vendors. To ensure your applications and data are protected across public cloud, virtualized data centers, and NFV deployments, the VM-Series has been designed to deliver up to 16 Gbps of App-ID-enabled firewall performance across five models:
- VM-50/VM-50 Lite — engineered to consume minimal resources and support CPU oversubscription yet deliver up to 200 Mbps of App-ID-enabled firewall performance for customer scenarios from virtual branch office/customer-premises equipment to high-density, multi-tenant environments
- VM-100 and VM-300 — optimized to deliver 2 Gbps and 4 Gbps of App-ID-enabled performance, respectively, for hybrid cloud, segmentation, and internet gateway use cases.
- VM-500 and VM-700 — able to deliver an industry-leading 8 Gbps to 16 Gbps of App-ID-enabled firewall performance, respectively, and can be deployed as NFV security components in fully virtualized data center and service provider environments.
VM-Series Models
To make sure that you purchase the correct model for your network requirements, use the following table to understand the maximum capacity for each model and the capacity differences by model:
Model | Sessions | Security Rules | Dynamic IP Addresses | Security Zones | IPSec VPN Tunnels | SSL VPN Tunnels |
---|---|---|---|---|---|---|
VM-50 | 50,000 | 250 | 1,000 | 15 | 250 | 250 |
VM-100 VM-200 |
250,000 | 1,500 | 2,500 | 40 | 1,000 | 500 |
VM-300 VM-1000-HV |
800,000 | 10,000 | 100,000 | 40 | 2,000 | 2,000 |
VM-500 | 2,000,000 | 10,000 | 100,000 | 200 | 4,000 | 6,000 |
VM-700 | 10,000,000 | 20,000 | 100,000 | 200 | 8,000 | 12,000 |
VM-Series System Requirements
VM-Series Model | Supported Hypervisors | Supported vCPUs | Minimum Memory | Minimum Hard Drive |
---|---|---|---|---|
VM-50 | ESXi, KVM, HyperV | 2 | 4.5GB | 32GB (60GB at boot) |
VM-100 VM-200 |
ESXi, KVM, HyperV, AWS, Azure, NSX, SDX | 2 | 6.5GB | 60GB |
VM-300 VM-1000-HV |
ESXi, KVM, HyperV, AWS, Azure, NSX, SDX | 2, 4 | 9GB | 60GB |
VM-500 | ESXi, KVM, HyperV, AWS, Azure, NSX | 2, 4, 8 | 16GB | 60GB |
VM-700 | ESXi, KVM, HyperV, AWS, Azure | 2, 4, 8, 16 | 56GB | 60GB |
Key VM-Series Features and Capabilities:
The VM-Series protects your applications and data with next-generation security features that deliver superior visibility, precise control, and threat prevention at the application level. Automation features and centralized management allow you to embed security into your application development process, ensuring security can keep pace with the speed of the cloud.
- Application visibility for informed security decisions:
The VM-Series provides application visibility across all ports, meaning you have far more relevant information about your cloud environment to help you make rapid, informed policy decisions. - Segment/Whitelist applications for security and compliance:
Today’s cyberthreats commonly compromise an individual workstation or user, and then move laterally across your network, placing your mission-critical applications and data at risk wherever they are. Using segmentation and whitelisting policies allows you to control applications communicating across different subnets to block lateral threat movement and achieve regulatory compliance. - Prevent advanced attacks within allowed application flows:
Attacks, much like many applications, can use any port, rendering traditional prevention mechanisms ineffective. The VM-Series allows you to use Palo Alto Networks Threat Prevention, DNS Security, and WildFire® malware prevention service to apply application-specific policies that block exploits, malware, and previously unknown threats from infecting your cloud. - Control application access with user-based policies:
Integration with a wide range of user repositories—such as Microsoft Exchange, Active Directory®, and LDAP—complements application whitelisting with user identity as an added policy element that controls access to applications and data. When deployed in conjunction with Palo Alto Networks GlobalProtect™ network security for endpoints, the VM-Series enables you to extend your corporate security policies to mobile devices and users, regardless of their locations. - Policy consistency through centralized management:
Panorama™ network security management enables you to manage your VM-Series firewalls across multiple cloud deployments, along with your physical security appliances, ensuring policy consistency and cohesion. Rich, centralized logging and reporting capabilities provide visibility into virtualized applications, users, and content - Container protection for managed Kubernetes environments:
The VM-Series protects containers running in Google Kubernetes® Engine and Azure® Kubernetes Service with the same visibility and threat prevention capabilities that can protect business-critical workloads on GCP® and Microsoft Azure. Container visibility empowers security operations teams to make informed security decisions and respond more quickly to potential incidents. Threat Prevention, WildFire, and URL Filtering policies can be used to protect Kubernetes clusters from known and unknown threats. Panorama enables you to automate policy updates as Kubernetes services are added or removed, ensuring security keeps pace with your ever-changing managed Kubernetes environments. - Automated security deployment and policy updates:
The VM-Series includes several management features that enable you to integrate security into your application development workflows.- Use bootstrapping to automatically provision a VM-Series firewall with a working configuration, complete with licenses, subscriptions, and connectivity to Panorama for centralized management.
- Automate policy updates as workloads change, using a fully documented API and Dynamic Address Groups to allow the VM-Series to consume external data in the form of tags that can drive policy updates dynamically.
- Use native cloud provider templates and services along with third-party tools—such as Terraform® and Ansible®— to fully automate VM-Series deployments and security policy updates.
- Cloud-native scalability and availability:
In virtualization or cloud environments, scalability and availability requirements can be addressed using a traditional two-device approach or a cloud-native approach. In public cloud environments, we recommended using cloud services—such as application gateways, load balancers, and automation—to address scalability and availability.
Palo Alto Networks VM-Series virtualized next-generation firewalls protect your Azure workloads with next-generation security features that allow you to confidently and quickly migrate your business-critical applications to the cloud. ARM templates and third-party automation tools allow you to embed the VM-Series into your application development lifecycle to prevent data loss and business disruption.
VM-SERIES ON MICROSOFT AZURE
The VM-Series allows you to embrace a prevention-based approach to protecting your applications and data on Azure. Automation and centralized management features enable you to embed next-generation security in your Azure application workflow so security can keep pace with development.
- Complete visibility improves security decisions. Understanding the applications in use on your network, including those that may be encrypted, helps you make informed security policy decisions.
- Segmentation and application whitelisting aid data security and compliance. Using application whitelisting to enforce a positive security model reduces your attack surface by allowing specific applications that align to your business needs (e.g., allow SharePoint® documents for all, but limit SharePoint administration access to the IT group). Whitelisting policies also allow you to segment applications that communicate across subnets and between virtual networks (VNETs) to stop lateral threat movement and meet compliance requirements.
- User-based policies improve security posture. Integration with on-premises user repositories—such as Microsoft Exchange, Active Directory®, and LDAP—lets you grant access to critical applications and data based on user credentials and need. For example, your developer group can have full access to the developer VNET while only IT administrators have RDP/SSH access to the production VNET. When deployed in conjunction with Palo Alto Networks GlobalProtect™ network security for endpoints, the VM-Series on Azure can extend your corporate security policies to mobile devices and users regardless of their location.
- Applications and data are protected from known and unknown threats. Attacks, like many applications, can use any port, rendering traditional prevention mechanisms ineffective. Enabling Threat Prevention, DNS Security, and WildFire® malware prevention service as segmentation policy elements will protect you against exploits, malware, and previously unknown threats from both inbound and lateral movement perspectives.
- Multiple defenses block data exfiltration and unauthorized file transfers. Data exfiltration can be prevented using a combination of application enablement, Threat Prevention, and DNS Security features. File transfers can be controlled by looking inside files, not only at their file extensions, to determine whether transfer actions should be allowed. Command and control, associated data theft, and executable files found in drive-by downloads or secondary payloads can also be blocked. Data filtering features can detect and control the flow of confidential data patterns, such as credit card and Social Security numbers, in addition to custom patterns.
Performance and Capacities
Many factors, such as the Azure virtual machine size, maximum packets per second supported, and number of cores used, can affect VM-Series performance. In addition to those noted, the performance and capacities listed in the following table have been generated under controlled lab conditions, using the recommended Azure virtual machine size, and configured with Azure Accelerated Networking using SR-IOV under the following test conditions:
- Firewall throughput and IPsec VPN are measured with App-ID™ and User-ID™ technology features enabled, utilizing 64 KB HTTP transactions.
- Threat Prevention throughput is measured with App-ID, User-ID, IPS, antivirus, and anti-spyware features enabled, utilizing 64K HTTP transactions.
- IPsec VPN performance is tested between two VM-Series in the same region. Performance will depend on Azure VM size and network topology, that is, whether connecting on-premises hardware to VM-Series on Azure; from VM-Series on an Azure VNET to an Azure VPN Gateway in another VNET; or VM-Series to VM-Series between regions.
- New sessions per second is measured with 1 byte HTTP transactions.
Model | VM-50/ VM-50 Lite1 | VM-100/ VM-200 | VM-300/ VM-1000-HV | VM-500 | VM-700 |
---|---|---|---|---|---|
Azure instance size tested (recommended) | N/A | DS3_v2 | DS3s_v2 | DS4_v2 | DS5_v2 |
Firewall throughput (App-ID enabled) | N/A | 750 Mbps | 1 Gbps | 2.5 Gbps | 2.5 Gbps |
Threat Prevention throughput | N/A | 500 Mbps | 750 Mbps | 2.25 Gbps | 2.25 Gbps |
IPsec VPN throughput | N/A | 400 Mbps | 500 Mbps | 1 Gbps | 1.25 Gbps |
Azure instance size tested (maximum) | N/A | DS5_v2 | DS5_v2 | DS5_v2 | DS5_v2 |
Firewall throughput (App-ID enabled) | N/A | 1 Gbps | 1.5 Gbps | 1.5 Gbps | 2.5 Gbps |
Threat Prevention throughput | N/A | 750 Mbps | 1.25 Gbps | 1.25 Gbps | 2.25 Gbps |
IPsec VPN throughput | N/A | 500 Mbps | 750 Mbps | 1 Gbps | 1.25 Gbps |
All instance sizes supported | VM-50/ VM-50 Lite1 | VM-100/ VM-200 | VM-300/ VM-1000-HV | VM-500 | VM-700 |
New sessions per second | N/A | 9K | 9K | 20K | 40K |
Max sessions | N/A | 250K | 800K | 2M | 10M |
System Requirements | |||||
Cores supported (min/max | N/A | 0.4/2 | 2/4 | 2/8 | 2/16 |
Memory (min) | N/A | 6.5 GB | 9 GB | 16 GB | 56 GB |
Azure Managed Disk capacity (min) | N/A | 32 GB | 60 GB | 60 GB | 60 GB |
Azure VM sizes supported2 (only standard Azure VM sizes supported) |
N/A | DS3_v2 DS5_v2 |
DS3s_v3 DS5_v2 |
DS4_v2 DS5_v2 |
DS5_v2 |
Licensing options | N/A | BYOL or VM-Series ELA | BYOL, VM-Series ELA, or Marketplace | BYOL or VM-Series ELA | BYOL or VM-Series ELA |
- The VM-50 and VM-50 Lite are not supported on Azure
- Refers to recommended VM size based on CPU cores, memory, and Azure prices
VM-Series On Linux KVM :
Kernel-based Virtual Machine (KVM) is a leading open source hypervisor that service providers and enterprises alike use to build and deploy cloud computing environments. Linux KVM, in conjunction with OpenStack®, represents a complete open source software-based offering that combines the cost reduction of cloud computing with the benefits of open source.
The VM-Series on KVM enables you to protect your data residing in OpenStackand KVM-based virtualized environments from cyberthreats. Panorama™ network security management, combined with native automation features, allows you to streamline policy management in a way that minimizes the policy lag time that may occur as virtual machines are added, moved, or removed.
Virtualized Next-Generation Security at High Performance and Scale
VM-Series virtualized next-generation firewalls are optimized to deliver App-ID™ technology-enabled throughput at industryleading rates ranging from 200 Mbps to 16 Gbps across five models, which include:
- VM-50—engineered to consume minimal resources and support CPU oversubscription yet deliver up to 200 Mbps of App-ID-enabled firewall performance for customer scenarios from virtual branch offices and customer-premise equipment to high-density, multi-tenant environments.
- VM-100 and VM-300—optimized to deliver 2 Gbps and 4 Gbps of App-ID-enabled throughput, respectively, for hybrid cloud, segmentation, and internet gateway use cases.
- VM-500 and VM-700—able to deliver 8 Gbps to 16 Gbps of App-ID-enabled firewall throughput, respectively, and deployable as NFV security components in fully virtualized data center and service provider environments
The Data Plane Development Kit, managed by The Linux Foundation, has been integrated into the VM-Series on KVM for enhanced packet processing performance on x86 infrastructure. Network I/O options, such as PCI passthrough and single-root I/O virtualization (SR-IOV), are supported for enhanced performance
Performance and Capacities Summary
In virtualized and cloud environments, many factors, such as type of CPU, hypervisor version, numbers of cores assigned, memory, and network I/O options, can impact your performance. Additional testing within your environment, is recommended to ensure your performance and capacity requirements are met.
Performance and Capacities | VM-50 (0.4 Core) | VM-100/ VM-200 (2 Cores) | VM-300/ VM-1000-HV (4 Cores) | VM-500 (8 Cores) | VM-700 (16 Cores) |
---|---|---|---|---|---|
With SR-IOV/PCI passthrough of I/O enabled | |||||
Firewall throughput (App-ID enabled)1 | 200 Mbps | 2 Gbps | 4 Gbps | 8 Gbps | 16 Gbps |
Threat Prevention throughput2 | 100 Mbps | 1 Gbps | 2 Gbps | 4 Gbps | 8 Gbps |
IPsec VPN throughput1 | 100 Mbps | 1 Gbps | 1.8 Gbps | 4 Gbps | 6 Gbps |
New sessions per second3 | 3,000 | 15,000 | 30,000 | 60,000 | 120,000 |
With open virtual switch OVS-DPDK | |||||
Firewall throughput (App-ID enabled)1 | 100 Mbps | 1 Gbps | 2 Gbps | 4 Gbps | 8 Gbps |
Threat Prevention throughput2 | 50 Mbps | 500 Mbps | 1 Gbps | 2 Gbps | 4 Gbps |
New sessions per second3 | 1,000 | 8,000 | 15,000 | 30,000 | 60,000 |
Capacities | |||||
Max sessions | td>64,000250,000 | 800,000 | 2,000,000 | 10,000,000 | |
Max security policies | 250 | 1,500 | 10,000 | 10,000 | 20,000 |
Max routes | 5,000 | 10,000 | 20,000 | 64,000 | 200,000 |
IPsec tunnels | 250 | 1,000 | 2,000 | 4,000 | 8,000 |
- Firewall and IPsec VPN throughput are measured with App-ID and User-ID features enabled, using 64 KB HTTP transactions.
- Threat Prevention throughput is measured with App-ID, User-ID, IPS, antivirus, and anti-spyware features enabled, using 64 KB HTTP transactions.
- New sessions per second is measured with application-override utilizing 1 byte HTTP transactions.
VM-Series Specifications and Features
The following tables list all supported specifications, resource requirements, and networking features of VM-Series on KVM
Virtualization Specifications | |
---|---|
Image formats supported | QCOW2 |
Hypervisors supported | KVM on CentOS Red Hat Enterprise Linux (RHEL) KVM on Ubuntu |
Network I/O options |
|
Bootstrap support |
|
OpenStack distributions supported |
|
Other KVM based platforms/hypervisors supported |
|
System Requirements | VM-50 (0.4 Core) | VM-100/ VM-200 (2 Cores) | VM-300/ VM-1000-HV (4 Cores) | VM-500 (8 Cores) | VM-700 (16 Cores) |
---|---|---|---|---|---|
CPU configurations supported | 21 | 2 | 2 and 4 | 2, 4 and 8 | 2, 4, 8 and 16 |
Memory (minimum) | 4.5 GB | 6.5 GB | 9 GB | 16 GB | 56 GB |
Disk drive capacity (min/max) | 32 GB2 / 2 TB | 60 GB / 2 TB | 60 GB / 2 TB | 60 GB / 2 TB | 60 GB / 2 TB |
- CPU oversubscription is supported with up to five instances running on a 2 CPU core configuration.
- 60 GB drive capacity is needed on initial boot. VM-Series instance will use 32GB after license activation.
Networking Features | |
Interface Modes | VLANs |
|
|
Routing | Network Address Translation |
|
|
High Availability | IPv6 |
|
|
Citrix® NetScaler® SDX™ is a service delivery networking platform for enterprise and cloud data centers. An advanced virtualized architecture supports multiple NetScaler instances on a single hardware appliance, while an advanced control plane unifies provisioning, monitoring and management to meet the most demanding multi-tenant requirements. Instead of relying on “bolted-on” capabilities or a collection of physical and virtual form factors that may compromise on features, performance and scalability, you can utilize the Citrix NetScaler SDX purpose-built platform for your data center service delivery needs.
With the VM-Series on Citrix NetScaler SDX, security and application delivery controller, or ADC, services can be consolidated on a single hardware platform. This addresses the unique application needs for business units, application owners and SP customers in a multi-tenant deployment. The VM-Series on Citrix NetScaler SDX also provides a complete, validated security and ADC offering for Citrix XenApp® and XenDesktop® deployments.
VM-Series on Citrix NetScaler SDX
The VM-Series delivers safe application enablement using the same PAN-OS® feature set that is available in physical security appliances. The core of the VM-Series is the next-generation firewall, which natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content and user – in other words, the elements that run your business – then serve as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time.
Summary
Palo Alto Networks VM-Series on Citrix NetScaler SDX provides enterprises with a powerful, best-in-class approach to secure application delivery. The full partitioning of application sets simplifies and reduces costs for application provisioning, maintenance and de-provisioning. The combined offering enables the secure delivery of all types of applications to all users in all locations while ensuring the highest levels of performance, security, availability, visibility and flexibility.
VM-Series On AWS
Introduction
As Amazon Web Services (AWS®) becomes the dominant deployment platform for your business-critical applications, protecting the increased public cloud footprint from threats, data loss, and business disruption remains challenging. The VM-Series on AWS solves these challenges, enabling you to:
- Protect your AWS workloads through unmatched application visibility and precise control.
- Prevent threats from moving laterally between workloads and stop data exfiltration.
- Eliminate security-induced application development bottlenecks with automation and centralized management.
Palo Alto Networks VM-Series virtualized next-generation firewalls protect your AWS workloads with next-generation security features that allow you to confidently and quickly migrate your business-critical applications to the cloud. AWS CloudFormation Templates and third-party automation tools allow you to embed the VM-Series in your application development lifecycle to prevent data loss and business disruption.
VM-Series on AWS
The VM-Series allows you to embrace a prevention-based approach to protecting your applications and data on AWS. Automation and centralized management features enable you to embed next-generation security in your AWS application workflow, allowing security to keep pace with development.
- Complete visibility improves security decisions. Understanding the applications in use on your network, including those that may be encrypted, helps you make informed security policy decisions.
- Segmentation and application whitelisting aid data security and compliance. Using application whitelisting to enforce a positive security model reduces your attack surface by allowing specific applications that align to your organization’s needs (e.g., allow SharePoint® documents for all, but limit SharePoint administration access to the IT group). Whitelisting policies also allow you to segment applications that communicate across subnets and between virtual private networks (VPCs) to stop lateral threat movement and meet compliance requirements.
- User-based policies improve security posture. Integration with on-premises user repositories, such as Microsoft Exchange, Active Directory®, and LDAP, lets you grant access to critical applications and data based on user credentials and need. For example, your developer group can have full access to the developer VPC while only IT administrators have RDP/SSH access to the production VPC. When deployed in conjunction with Palo Alto Networks GlobalProtect™ network security for endpoints, the VM-Series on AWS can extend your corporate security policies to mobile devices and users regardless of their location.
- Applications and data are protected from known and unknown threats. Attacks, like many applications, can use any port, rendering traditional prevention mechanisms ineffective. Enabling Threat Prevention and WildFire® malware prevention service as segmentation policy elements will protect you against exploits, malware, and previously unknown threats from both inbound and lateral movement perspectives.
- Multiple defenses block data exfiltration and unauthorized file transfers. Data exfiltration can be prevented using a combination of application enablement and Threat Prevention and DNS Security features. File transfers can be controlled by looking inside files, not only at their file extensions, to determine whether transfer actions should be allowed. Command and control, associated data theft, and executable files found in drive-by downloads or secondary payloads can also be blocked. Data filtering features can detect and control the flow of confidential data patterns, such as credit card and Social Security numbers, in addition to custom patterns.
Performance and Capacities
Many factors, such as AWS instance size, maximum packets per second supported, number of cores used, and AWS placement group, can affect performance. In addition to those noted, the performance and capacities listed in the following table have been generated under these test conditions:
- Instances use the AWS Nitro Hypervisor with Enhanced Networking Adapter (ENA) and AWS placement groups configured. SR-IOV and DPDK are optional and supported with instances running AWS Enhanced Networking (c3/m3/c4/m4).
- Firewall throughput and IPsec VPN are measured with App-ID™ and User-ID™ technology features enabled, utilizing 64 KB HTTP transactions.
- IPsec VPN performance is tested between two VM-Series instances in a placement group in the same availability zone and region. Performance will vary based on AWS instance type and connectivity topology (e.g., connecting from on-premises hardware to VM-Series on AWS; from VM-Series in an AWS VPC to an AWS VGW in another VPC; or VM-Series to VM-Series between regions).
- New sessions per second is measured with 1 byte HTTP transactions.
- Threat Prevention throughput is measured with App-ID, User-ID, IPS, antivirus, and anti-spyware features enabled, utilizing 64 KB HTTP transactions.
Model | VM-50/ VM-50 Lite1 | VM-100/ VM-200 | VM-300/ VM-1000-HV | VM-500 | VM-700 |
---|---|---|---|---|---|
AWS instance size tested (recommended)2 | N/A | c5.xlarge | m5.xlarge | m5.2xlarge | m5.4xlarge |
Firewall throughput (App-ID enabled) | N/A | 800 Mbps | 1 Gbps | 2.5 Gbps | 5 Gbps |
Threat Prevention throughput | N/A | 500 Mbps | 1 Gbps | 2 Gbps | 4 Gbps |
IPsec VPN throughput | N/A | 500 Mbps | 750 Mbps | 1.25 Gbps | 1.75 Gbps |
AAWS instance size tested (maximum) | N/A | c5.18xlarge | c5.18xlarge | c5.18xlarge | c5.18xlarge |
Firewall throughput (App-ID enabled) | N/A | 1.25 Gbps | 2.25 Gbps | 2.25 Gbps | 6 Gbps |
Threat Prevention throughput | N/A | 1 Gbps | 1.75 Gbps | 2 Gbps | 4.5 Gbps |
IPsec VPN throughput | N/A | 1 Gbps | 1.25 Gbps | 1.75 Gbps | 2 Gbps |
All instance sizes supported | VM-50/ VM-50 Lite1 | VM-100/ VM-200 | VM-300/ VM-1000-HV | VM-500 | VM-700 |
New sessions per second | N/A | 9K | 9K | 20K | 40K |
Max sessions | N/A | 250K | 800K | 2M | 10M |
System Requirements | |||||
Cores supported (min/max) | N/A | 0.4/2 | 2/4 | 2/8 | 2/16 |
Memory (min) | N/A | 6.5 GB | 9 GB | 16 GB | 56 GB |
Disk drive capacity (min)3 | N/A | 32 GB | 60 GB | 60 GB | 60 GB |
Minimum AWS instance sizes supported2,4 | N/A | c5.18xlarge | m5.xlarge,c5.18xlarge | m5.2xlarge, c5.18xlarge | m5.4xlarge, c5.18xlarge |
Licensing options | N/A | BYOL or VM-Series ELA | BYOL, VM ELA, or Marketplace | BYOL or VM-Series ELA | BYOL or VM-Series ELA |
- The VM-50 and VM-50 Lite are not supported on AWS
- Refers to recommended AWS instance based on CPU cores, memory, and pricing; .xlarge instances support 4 ENIs and are recommended to more fully support the range of common networking scenarios
- Disk storage using AWS Encrypted Volumes is supported
- Older generation c3/m3 and c4/m4 instances with appropriate CPU and memory are also supported
Documentation:
Download the Palo Alto Networks VM-Series Specsheet (PDF).
Download the Palo Alto Networks VM-Series Deployment Guide (PDF).
Pricing Notes:
- Pricing subject to change without notice.
Palo Alto Networks Products
Palo Alto Networks VM-Series
SD-WAN Subscriptions for VM-50
-
SD-WAN subscription, 1 year, VM-50#PAN-VM-50-SDWAN
List Price:$140.00
Our Price: $133.00
-
SD-WAN subscription, 1 year, renewal, VM-50#PAN-VM-50-SDWAN-R
List Price:$140.00
Our Price: $133.00
-
SD-WAN subscription, 3 year, VM-50#PAN-VM-50-SDWAN-3YR
List Price:$336.00
Our Price: $319.20
-
SD-WAN subscription, 3 year, renewal, VM-50#PAN-VM-50-SDWAN-3YR-R
List Price:$336.00
Our Price: $319.20
-
SD-WAN subscription, 5 year, VM-50#PAN-VM-50-SDWAN-5YR
List Price:$560.00
Our Price: $532.00
-
SD-WAN subscription, 5 year, renewal, VM-50#PAN-VM-50-SDWAN-5YR-R
List Price:$560.00
Our Price: $532.00