End-of-Life (EoL)

Panorama Virtual Appliance and Virtual Dedicated Log Collector on AWS

How to deploy a Panorama™ virtual appliance and a virtual Dedicated Log Collector on Amazon® Web Services (AWS®).
Panorama™ continues to expand the number of supported virtual environments to help reduce your physical footprint and giving you more flexibility when deploying your Palo Alto Networks® management and log collection services alongside other applications you deployed on Amazon® Web Services (AWS®). The Panorama virtual appliance on AWS supports all deployment modes (Panorama, Log Collector, and Management) and each mode shares the same processes and functionality as its M-Series counterpart. Refer to Panorama Models for more information on Panorama modes.
For more information, see Install Panorama on AWS.
  1. Log in to the Amazon Web Service Console and select the EC2 dashboard.
  2. Set up the VPC for your network needs.
  3. Deploy Panorama on Amazon Web Services.
    1. On the EC2 Dashboard,
      Launch Instance
      and then select
      My AMIs
      the Panorama 8.1.0 AMI.
    2. Launch the Panorama virtual appliance as an EC2 instance.
      1. Choose the
        EC2 instance type
        for allocating the resources required for the Panorama virtual appliance, and click
        Next: Configure Instance Details
        . See the Setup Prerequisites for the Panorama VirtualAppliance for resource requirements.
      2. Select the VPC.
      3. Select the public subnet for the Panorama virtual appliance management interface.
      4. Automatically assign a public IP address
      5. Click
        Next: Add Storage
        Add New Volume
        to add log storage.
      6. (
        ) Add one or more tags as metadata to help you identify and group the Panorama virtual appliance. For example, add a
        tag with a
        that helps you identify which firewalls the Panorama virtual appliance manages.
      7. Create a new
        Security Group
        or select an existing one with—at minimum—HTTPS and SSH enabled
      8. Review and Launch
        and then verify that your selections are accurate before you
      9. Select an existing key pair or create a new one and acknowledge the disclaimer.
        As a best practice, create a new key for each instance of Panorama or Dedicated Log Collector on AWS.
      10. If you create a new key, download and save the private key to a safe location; the file extension is
        . You cannot regenerate this key if it is lost.
        It takes 20 to 30 minutes to launch the Panorama virtual appliance using the minimum requirements.
  4. Enable management access to the Panorama virtual appliance.
    1. Shut down the Panorama virtual appliance.
    2. Create virtual network interfaces as needed and attach the interfaces to the Panorama virtual appliance. The virtual network interfaces are called Elastic Network Interfaces (ENIs) on AWS. You use these interfaces to manage devices from the virtual appliance.
      The Panorama virtual appliance on AWS supports a single management interface; you must use this interface for log collection and device management.
    3. Create or assign an Elastic IP (EIP) address to the management interface.
    4. Power on the Panorama virtual appliance.
  5. Configure a new administrative password for the Panorama virtual appliance.
    You must configure a unique administrative password before you can access the web interface of the Panorama virtual appliance. The private key you used to launch the Panorama virtual appliance is required to access the CLI.
  6. Activate the licenses on the Panorama virtual appliance.
  7. Finish configuring the Panorama virtual appliance for your deployment needs.

Recommended For You