Call a Specialist Today! 844-294-0778


  1. Home
  2. Products
  3. Network Security
  4. Software Firewalls
  5. VM-Series
Palo Alto Networks

VM-Series

The cloud is public. Your data should be private.

Secure AWS, Azure, and Google Cloud workloads with the same ML-powered NGFW protection used on-premises. One policy framework. One management console. Any cloud.

Request a quote Download datasheet
VM-Series Virtual Next-Generation Firewalls

Proven performance across cloud environments

Independent analysis and testing validate VM-Series security efficacy and return on investment.

1

Unified console

Manage security across all cloud and on-premises environments from a single interface.

99.4%

Security efficacy

Validated by SecureIQLab independent testing.

163%

Return on investment

Documented by Forrester Consulting Total Economic Impact analysis.

One firewall for any cloud

VM-Series virtual firewalls deliver the same PAN-OS capabilities as PA-Series hardware appliances in a software form factor. Organizations maintain one policy framework across on-premises and cloud environments instead of managing separate security systems.

Full NGFW capabilities

App-ID, Content-ID, User-ID, and WildFire run identically in VM-Series, providing the same application visibility and threat prevention available on PA-Series hardware.

Flexible consumption model

Software NGFW Credits allow elastic scaling from 2 to 64 vCPUs, with on-demand allocation of security services and management capabilities across deployments.

Centralized management

Panorama and Strata Cloud Manager provide unified policy management across VM-Series and hardware firewalls from a single console.

Capabilities

Go beyond native cloud controls

Native cloud security operates at Layer 4. VM-Series provides Layer 7 application inspection, advanced threat prevention, and consistent policy enforcement across every environment.

Layer 7 inspection and microsegmentation for cloud workloads

Protect all workloads

Get complete Layer 7 inspection. Stop lateral movement of threats. Enforce trust zones and secure allowed traffic between microsegments.

  • Application-level visibility across all cloud workloads using App-ID
  • Microsegmentation with granular policies to block lateral threat movement
  • Zero Trust enforcement for every workload regardless of environment
Centralized security management across cloud environments

Streamline operations

Replace the complexity of tool sprawl with a centralized command center and single, unified security fabric.

  • Single policy framework across hardware and virtual firewalls
  • Centralized logging and reporting for complete visibility across environments
  • Infrastructure-as-code integration with Terraform, Ansible, and cloud-native templates
Elastic scaling with Software NGFW Credits

Save and scale

Secure at the speed of business. Automatically scale up and scale down to meet real-world traffic needs.

  • Elastic scaling from 2 to 64 vCPUs based on credit allocation
  • Credit reallocation across deployments without additional procurement
  • Cloud marketplace availability for rapid deployment on AWS, Azure, and GCP

Hybrid Cloud Security

Unified hybrid defense

A consistent security architecture spanning on-premises and cloud eliminates the complexity of managing separate systems for each environment. Three components deliver a unified security posture.

The on-premises firewall

PA-400 or PA-1400 Series secures headquarters, branch offices, and users with ML-powered threat prevention.

View PA-Series

The cloud firewall

VM-Series secures applications and workloads in AWS, Azure, and Google Cloud with the same PAN-OS policy framework used on-premises.

View capabilities

The management console

Panorama or Strata Cloud Manager provides single-console policy management, logging, and reporting across both environments.

View Strata Cloud Manager

Native cloud security vs. VM-Series

Cloud provider security controls address basic network filtering. VM-Series provides the application-level inspection and consistent policy enforcement required for enterprise security and compliance.

Visibility

Cloud provider firewalls operate at Layer 4, filtering by port and protocol. VM-Series inspects at Layer 7, identifying applications regardless of port, protocol, or encryption.

Detect threats hidden within allowed application traffic that Layer 4 controls cannot see.

Consistency

Separate policy frameworks for on-premises and cloud create operational overhead and security gaps. VM-Series uses the same PAN-OS rules and objects used on PA-Series hardware.

Replicate existing on-premises security policies to the cloud without rebuilding from scratch.

Compliance

PCI DSS, HIPAA, and SOC 2 require documented, consistent security controls. VM-Series extends the same certified protection used on-premises into cloud environments.

Maintain a unified compliance posture across hybrid infrastructure.

Deployment scenarios

VM-Series addresses common cloud security requirements across migration, remote access, and branch connectivity use cases.

Cloud migration

Lift-and-shift workloads to AWS, Azure, or GCP while maintaining existing security policies. VM-Series provides the same protection in the cloud, eliminating the need to redesign security architecture during migration.

Discuss migration

Virtual desktop infrastructure

Segment and inspect traffic in Azure Virtual Desktop and Citrix VDI environments. VM-Series prevents lateral movement between virtual desktops and enforces user-based access policies.

Discuss VDI security

SD-WAN hub

Deploy VM-Series as a virtual hub in the cloud to connect branch offices, data centers, and SaaS applications securely. Hub-and-spoke or full mesh architectures are supported.

Discuss SD-WAN

Supported platforms

VM-Series deploys across all major public clouds, hypervisors, and software-defined networking environments.

Public clouds

  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud
  • Oracle Cloud
  • Alibaba Cloud

Hypervisors

  • VMware ESXi
  • KVM
  • Microsoft Hyper-V
  • Nutanix AHV
  • OpenStack

SDN solutions

  • VMware NSX-T
  • Cisco ACI
  • Nutanix Flow

Additional environments

  • 5G mobile networks
  • Critical infrastructure (OT)
  • SD-WAN deployments
  • Software-defined branches

Documentation and resources

Technical datasheets, deployment guidance, and sizing tools for VM-Series virtual firewalls.

VM-Series datasheet

Download PDF

CN-Series datasheet

Download PDF

Credit estimator

Calculate the number of Software NGFW Credits needed based on vCPU count, throughput requirements, and security services.

Request custom sizing

Free trial

Try VM-Series free for up to 30 days on AWS, Azure, VMware ESXi, or Linux KVM environments.

Start free trial

Connect with a specialist

Evaluate VM-Series for specific cloud environments, discuss hybrid deployment architecture, or request custom credit sizing based on throughput and vCPU requirements.

Contact information

Email: [email protected]

Phone: 844-294-0778 (Toll free) | 949-328-2955 (Local)