NetScaler SDX

Palo Alto Networks VM-Series

January 17, 2024

Contributed by:

C S

Note:

From version 14.1 build 17.x onwards, NetScaler SDX has ended support for third-party virtual machines.

Palo Alto Networks VM-Series virtual firewalls use the same PAN-OS feature set that is available in the company’s physical security appliances, providing all key network security functions. VM-Series on NetScaler SDX enables consolidation of advanced security and ADC capabilities on a single platform, for secure, reliable access to applications by businesses, business units, and service-provider customers. The combination of VM-Series on NetScaler SDX also provides a complete, validated, security and ADC solution for Citrix Virtual Apps and Desktops deployments.

You can provision, monitor, manage, and troubleshoot an instance from the Management Service.

Points to note:

The total number of instances that you can provision on an SDX appliance depends on the SDX hardware resources available.
SR-IOV interfaces (1/x and 10/x) that are part of a channel do not appear in the list of interfaces because channels are not supported on a Palo Alto VM-Series instance. For more information about the Palo Alto Network VM-Series, see Palo Alto Network Documentation.

Provision a PaloAlto VM-Series instance

Before you can provision a Palo Alto VM-Series instance, you must download an XVA image from the Palo Alto Networks website. After you have downloaded the XVA image, upload it to the SDX appliance.

To upload an XVA image to the SDX appliance:

On the Configuration tab, navigate to PaloAlto VM-Series > Software Images.
In the details pane, under XVA Files, from the Action drop-down list, click Upload.
In the dialog box that appears, click Browse, and then select the XVA file that you want to upload.
Click Upload. The XVA file appears in the XVA Files pane.

To provision a Palo Alto VM-Series instance:

On the Configuration tab, navigate to PaloAlto VM-Series > Instances.
In the details pane, click Add.
In the Provision PaloAlto VM-Series wizard, follow the instructions on the screen.
Click Finish, and then click Close.

After provisioning the instance, log on to the instance and perform the detailed configuration.

To modify the values of the parameters of a provisioned instance, in the details pane, select the instance that you want to modify, and then click Modify. In the Modify PaloAlto VM-Series wizard, set the parameters to values suitable for your environment.

Note: If you modify any of the interface parameters or the name of the instance, the instance stops and restarts to put the change into effect.

Monitor a Palo Alto VM-Series instance

The SDX appliance collects statistics, such as the version of SDXTools running on the instance, of a Palo Alto VM-Series instance.

To view the statistics related to a Palo Alto VM-Series instance:

Navigate to PaloAlto VM-Series > Instances.
In the details pane, click the arrow next to the name of the instance.

Manage a PaloAlto VM-Series instance

You can start, stop, restart, force stop, or force restart a PaloAlto VM-Series instance from the Management Service.

On the Configuration tab, expand PaloAlto VM-Series.

Navigate to PaloAlto VM-Series > Instances.
In the details pane, select the instance on which you want to perform the operation, and then select one of the following options:
- Start
- Shut Down
- Reboot
- Force Shutdown
- Force Reboot
In the Confirm message box, click Yes.

Troubleshoot a PaloAlto VM-Series instance

Ping a PaloAlto VM-Series instance from the Management Service to check whether the device is reachable. You can trace the route of a packet from the Management Service to an instance to determine the number of hops involved in reaching the instance.

Rediscover an instance to view the latest state and configuration of an instance. During rediscovery, the Management Service fetches the configuration and the version of the PaloAlto VM-Series running on the SDX appliance. By default, the Management Service schedules instances for rediscovery once every 30 minutes.

On the Configuration tab, expand PaloAlto VM-Series.

To ping an instance:

Click Instances.
In the details pane, select the instance that you want to ping, and from the Action list, click Ping. The Pingmessage box shows whether the ping is successful.

To trace the route an instance:

Click Instances.
In the details pane, select the instance that you want to ping, and from the Action list, click TraceRoute. The Traceroute message box displays the route to the instance.

To rediscover an instance:

Click Instances.
In the details pane, select the instance that you want to rediscover, and from the Action list, click Rediscover.
In the Confirm message box, click Yes.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Palo Alto Networks VM-Series

January 17, 2024

Contributed by:

C S

January 17, 2024

Contributed by:

C S

Palo Alto Networks VM-Series

Provision a PaloAlto VM-Series instance

Monitor a Palo Alto VM-Series instance

Manage a PaloAlto VM-Series instance

Troubleshoot a PaloAlto VM-Series instance

In this article