End-of-Life (EoL)
Panorama Virtual Appliance and Virtual Dedicated Log Collector
on AWS
How to deploy a Panorama™ virtual appliance and a virtual
Dedicated Log Collector on Amazon® Web Services (AWS®).
Panorama™ continues to expand the number of
supported virtual environments to help reduce your physical footprint and giving you
more flexibility when deploying your Palo Alto Networks® management
and log collection services alongside other applications you deployed
on Amazon® Web Services (AWS®). The Panorama virtual appliance on
AWS supports all deployment modes (Panorama, Log Collector, and
Management) and each mode shares the same processes and functionality
as its M-Series counterpart. Refer to Panorama Models for more information on
Panorama modes.
For more information, see Install Panorama on AWS.
- Log in to the Amazon Web Service Console and select the EC2 dashboard.
- Set up the VPC for your network needs.
- Deploy Panorama on Amazon Web Services.
- On the EC2 Dashboard,Launch Instanceand then selectMy AMIsandSelectthe Panorama 8.1.0 AMI.
- Launch the Panorama virtual appliance as an EC2 instance.
- Choose theEC2 instance typefor allocating the resources required for the Panorama virtual appliance, and clickNext: Configure Instance Details. See the Setup Prerequisites for the Panorama VirtualAppliance for resource requirements.
- Select the VPC.
- Select the public subnet for the Panorama virtual appliance management interface.
- Automatically assign a public IP address.
- ClickNext: Add StorageandAdd New Volumeto add log storage.
- (Optional) Add one or more tags as metadata to help you identify and group the Panorama virtual appliance. For example, add aNametag with aValuethat helps you identify which firewalls the Panorama virtual appliance manages.
- Create a newSecurity Groupor select an existing one with—at minimum—HTTPS and SSH enabled
- Review and Launchand then verify that your selections are accurate before youLaunch.
- Select an existing key pair or create a new one and acknowledge the disclaimer.As a best practice, create a new key for each instance of Panorama or Dedicated Log Collector on AWS.
- If you create a new key, download and save the private key to a safe location; the file extension is.pem. You cannot regenerate this key if it is lost.It takes 20 to 30 minutes to launch the Panorama virtual appliance using the minimum requirements.
- Enable management access to the Panorama virtual appliance.
- Shut down the Panorama virtual appliance.
- Create virtual network interfaces as needed and attach the interfaces to the Panorama virtual appliance. The virtual network interfaces are called Elastic Network Interfaces (ENIs) on AWS. You use these interfaces to manage devices from the virtual appliance.The Panorama virtual appliance on AWS supports a single management interface; you must use this interface for log collection and device management.
- Create or assign an Elastic IP (EIP) address to the management interface.
- Power on the Panorama virtual appliance.
- Configure a new administrative password for the Panorama virtual appliance.You must configure a unique administrative password before you can access the web interface of the Panorama virtual appliance. The private key you used to launch the Panorama virtual appliance is required to access the CLI.
- Activate the licenses on the Panorama virtual appliance.
- Finish configuring the Panorama virtual appliance for your deployment needs.
- (Management Only mode) Set Up a Panorama Virtual Appliance in Management Only Mode.
- (Log Collector mode) Skip to Step 6 to set up the Panorama virtual appliance as a Log Collector.When configuring the Management interface in Step 9, enter thePublic IP Addressof the Dedicated Log Collector. You cannot specify theIP Address,Netmask, orGateway.
- (Panorama and Management Only mode) Configure a Managed Collector. Manage a Dedicated Log Collector from the Panorama virtual appliance for log collection of managed firewalls.
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.
