Prisma AIRS
Deploy GWLB-Based SLR in AWS
Table of Contents
Deploy GWLB-Based SLR in AWS
Deploy GWLB-based SLR when you want to monitor multiple applications across different
VPCs simultaneously.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
- Log in to Strata Cloud Manager.Navigate to .In the top right corner, click on the binocular icon.Select a cloud service provider and select Next.If you have previously created an SLR deployment, select Add New SLR Deployment on the SLR Monitoring deployment screen.
![]()
In Regions & Application(s):- Select the cloud account you want to secure.Select the Region in which you want to protect the applications.Click Add New Application/ENIs, and select the application’s ENIs.Select Next.
![]()
In Deployment Parameters, select Gateway Load Balancer (GWLB) based deployment.- Enter the configurations to create the GWLB endpoints:
![]()
In GWLB Endpoint CIDR: Enter the subnet’s CIDR IP address for each application’s endpoint. Ensure the CIDR is part of the application VPC where you want to monitor traffic.Configure the following:IP addressing scheme Licensing Management parameters - Number of firewalls to deploy.
- CIDR value for the security VPC. CIDR IP address of the firewall.
- PAN OS version for your image.
- Flex authentication code (Copy AUTH CODE for the deployment profile you created for Prisma AIRS AI Runtime: Network intercept in Customer Support Portal).
- Device Certificate PIN ID.
- Device Certificate PIN value.
- List CIDR ranges to be allowed access to the management interface.
- Enter the SSH key to be used for login (see how to create a key pair for your Amazon EC2 instance).
- Select Manage by SCM and select the
SCM folder to group the Prisma AIRS AI Runtime: Network
intercept. (See, Workflows: Folders
- Strata Cloud Manager).Select the SCM folder with the default configuration snippet - "AIRS-SLR-AWS-default" you created in the prerequisite step from the SLR deployment section.
![]()
Select Next.Enter a Terraform template name.Review the network architecture for GWLB-based centralized SLR deployment:2 VPC: Application VPC and Security VPC.- The GWLB endpoint in the application VPC monitors the mirroring traffic between the application ENIs.
- GWLB in the security VPC collects the mirrored traffic routed from the GWLB endpoint.
- SLR is deployed in the security VPC behind GWLB.
- Interfaces - eth1/1: GWLB transfers the mirrored traffic to the SLR instances through eth1/1.
Click Generate Terraform Template.Click Download Terraform Template and save the zip file. This saves and downloads the SLR deployment Terraform.![]()
Click Done.Unzip the downloaded file.Navigate to <unzipped-folder> with 2 directories: `architecture` and `modules`. Deploy the Terraform templates in your cloud environment following the `README.md` file in the `architecture` folder.Initialize and apply the Terraform for the security_project.Deploying Terraform for the security project creates the GWLB endpoints in your selected application VPC. The security Terraform deploys an Auto Scaling Group (ASG) in a security VPC with an SLR, the SLR receives the mirrored traffic from application ENIs.The security_project contains the Terraform plan to deploy an SLR in traffic mirroring mode in a centralized security VPC behind AWS Gateway Load Balancer (GWLB) with multiple endpoints.cd architecture cd security_project terraform init terraform plan terraform applyThe output is similar to the below snippet and displays the SLR public IP address.Output: Apply complete! Resources: 6 added, 0 changed, 1 destroyed. Outputs: App_inspected_dns_name = [] Gwlb_service = { "Security_gwlb" = "com.amazonaws.vpce.us-east-1.vpce-svc-xxxxxxxxxxxxxxxx" }Run the application Terraform to peer the application VPCs. The application Terraform enables packet mirroring at the application workload and exports traffic to SLR.cd ../application_project terraform init terraform plan terraform applyThe output lists the GWLB endpoints and the traffic mirror sessions.Next, View and Manage SLR Reports for threat analysis and risk mitigation.
