The Palo Alto Networks VM-Series firewalls offer robust control and protection for your applications housed within the Azure Cloud.
There are numerous ways to deploy PAN FW in Azure. This MicroHack is designed to explore the different scenarios that are possible.
The deployments in the following scenarios have been designed for educational purposes, not for production use.
Deploy a single instance of Palo Alto Firewall for a simple and straightforward protection solution.
Implement a High Availability Firewall with one active and one passive instance. The failover occurs within a few minutes.
Opt for a High Availability Firewall with two active instances to distribute the load and minimize the risk of failure.
Utilize an auto-scaling Firewall setup that dynamically adjusts the number of active instances based on traffic load.
Deploy a Next-Generation Firewall for Azure directly in the cloud for advanced threat prevention and secure access control.
| Feature | Single Instance (#1) | Active-Passive HA (#2) | Active-Active w. ELB/ILB (#3) | Auto-Scaling w. ELB/ILB (#4) | Cloud NGFW for Azure (#5) |
|---|---|---|---|---|---|
| Deployment Complexity | Low | Moderate | Moderate | Moderate | Low |
| High Availability | N/A | Yes (with ~5min downtime) | Yes | Yes | Yes |
| Scalability | N/A | N/A | N/A | Yes | Yes |
| Redundancy | No | Yes | Yes | Yes | Yes |
| Traffic Distribution | N/A | N/A | Load balanced between instances | Load balanced between instances | Load balanced between instances |
| Cost | + | ++ | ++ | +++ | +++ |
| Security Features | Standard | Standard | Standard | Standard | Superior network security features |
| Management Complexity | Simple | Moderate | Moderate | Moderate | Simple (managed service) |
| VPN termination | Yes | Yes | No | No | No |
| BGP peering | Yes | Yes | Yes | No | No |