The VM-Series Next-Generation Firewall is available on the Azure marketplace to allow cloud security architects to deploy the firewall and threat prevention along with their application deployment.
We can protect our applications and data with whitelisting and segmentation policies. Policies update dynamically based on Azure tags assigned to application VMs, allowing you to reduce the attack surface area and achieve compliance.
Step 1. Open the Azure portal, select the Resource group, and click + Create.
![Create]()
Step 2. In the Marketplace, search for Palo Alto and select VM-Series Next-Generation Firewall from Palo Alto.
![VM-Series Next-Generation]()
Step 3. Select the VM-Series Virtual Next-Generation Firewall with Threat Prevention – (Bundle 1 PYAG Azure) and click Create.
![Threat Prevention]()
Step 4. Select the necessary information, enter the firewall username and password, and click Next, Networking.
![Firewall username]()
Step 5. In this article, I have created a new Virtual Network because when we configure the Palo Alto firewall, we must also configure the Management Subnet, Untrust Subnet, and Trust Subnet. Click Next, VM-Series Configuration.
![VM-Series Configuration]()
Step 6. Enter the name for the DNS and Virtual Machine; if you want to change the VM size, we can click Change size on the Virtual machine size and click Next: Review + Create. It will start deployment in Palo Alto. It takes around 5 to 10 minutes to deploy the Palo Alto Firewall.
![Change size]()
Step 7. After deployment is completed, go to Resource (Virtual Machine) and copy the Palo Alto Public IP address.
![Public IP address]()
Step 8. Paste the IP address in the browser. We should be able to see the Palo Alto landing page. Enter your username and password to log in to the firewall.
![Palo Alto landing page]()
Summary
In this article, we will learn how to deploy VM-Series Next-Generation Firewall from Palo Alto Networks in Azure.