>
    Scale Out Firewalls Based on Custom Metrics Supported
    Focus
    Download PDF
    Focus
    1. Home
    2. CN-Series
    3. CN-Series HSF
    4. CN-Series HSF: Use Cases
    5. Scale Out Firewalls Based on Custom Metrics Supported
    Download PDF
    CN-Series

    Scale Out Firewalls Based on Custom Metrics Supported

    Table of Contents

    Scale Out Firewalls Based on Custom Metrics Supported

    Where Can I Use This?What Do I Need?
    • CN-Series HSF Firewall deployment
    • CN-Series 11.0.x or above Container Images
    • Panorama running PAN-OS 11.0.x or above version
    This test helps to validate the ability of the CN-Series HSF cluster to auto scale, based on the custom metric value target specified in autoscaling.
    1. Enable Autoscaling while you create the CN-Series HSF Cluster to autoscale based on custom metric target value specified in autoscaling. For more information, see Deploy the HSF Cluster
    2. Enter the CloudWatch namespace to push metrics to AWS CloudWatch.
    3. Enter the region of the EKS cluster.
    4. Enter the Push interval.
    5. Choose the Autoscaling Meric. In this example, you may wish to choose PansessionActive.
    6. Specify the scale in threshold and scale out threshold. For example, if you have 2 NGFW pods running and the total number of sessions on the firewall currently is 1000, then the cloud watch metric will show 500 (per NGFW pod).
    7. You can set scale out threshold to 250 and auto scale should spin up 2 more NGFW pods.
    8. Use show session info command on the MGMT pod to get the session information
    9. You can specify the maximum and minimum NGFW pods that can auto scale.
      Expected Result: The NGFW pod should auto scale based on the scale out threshold value

    © 2024 Palo Alto Networks, Inc. All rights reserved.