Palo Alto Networks VM Series Firewall Security Policy
Page 5 of 23
Module Overview
The Palo Alto Networks VM-Series firewall is available in four models--VM-100, VM-200,
VM-300, and VM-1000-HV. All four models can be deployed as guest virtual machines on
VMware ESXi, Citrix XenServer and Linux server that is running the KVM (Kernel-based
Virtual Machine). The module is installed using a common base image distributed in a
compatible hypervisor format (i.e ova, xva, qcow2). The software image that is used to
deploy the VM-Series firewall is common across all models.
Table 1 - Module Files
Operating
Environment
PAN-OS for VM-Series
Base Images
PA-VM Release Version
VMware ESXi
5.5
PA-VM-ESX-7.0.1.ova or
PA-VM-NSX-7.0.1.ova
7.0.1-h4 or 7.0.3
KVM on
CentOS 6.5
PA-VM-KVM-7.0.1.qcow2
7.0.1-h4 or 7.0.3
Citrix
XenServer
6.1.0
PA-VM-SDX-7.0.1.xva
7.0.1-h4 or 7.0.3
The Palo Alto Networks VM-series cryptographic module is a software cryptographic module and
requires an underlying general purpose computer (GPC) environment. The module is comprised of
a GPC (multi-chip standalone embodiment) and the Logical Cryptographic Module (LCM)
boundary. The LCM boundary includes all of the logical software components of the module. The
physical cryptographic module (PCM) boundary is defined by the enclosure around the host GPC
on which it runs.