Panorama Virtual Appliance and Virtual Dedicated Log Collector
on AWS GovCloud
How to deploy a Panorama virtual appliance and a virtual Dedicated Log Collector on AWS GovCloud.
Panorama continues to expand supported virtual environments to help reduce your physical footprint by giving you more flexibility in deploying your Palo Alto Networks management and log collection services along side other application you have deployed on Amazon Web Services. The Panorama virtual appliance on AWS supports all deployment modes (Panorama, Log Collector, and Management) and share the same processes and functionality as their M-Series counterparts. Refer to Panorama Models for more information on the Panorama modes.
For more information, see Install Panorama on AWS GovCloud.
- Log in to the AWS GovCloud Web Service Console and select the EC2 dashboard.
- Set up the VPC for your network needs.
- Deploy Panorama on Amazon Web Services.
- On the EC2 Dashboard, clickLaunch Instanceand then selectMy AMIsandSelectthe Panorama 8.1.0 AMI.
- Launch the Panorama virtual appliance as an EC2 instance.
- Choose theEC2 instance typefor allocating the resources required for the Panorama virtual appliance, and clickNext: Configure Instance Details. See the Setup Prerequisites for the Panorama Virtual Appliance for resource requirements.
- Select the VPC.
- Select the public subnet for the Panorama virtual appliance management interface.
- SelectAutomatically assign a public IP address.
- ClickNext: Add StorageandAdd New Volumeto add log storage.
- (Optional) Add one or more tags as metadata to help you identify and group the Panorama virtual appliance. For example, add aNametag with aValuethat helps you identify which firewalls the Panorama virtual appliance manages.
- SelectReview and Launchand verify that your selections are accurate before you selectLaunch.
- Select an existing key pair or create a new one and acknowledge the disclaimer.As a best practice, create a new key for each instance of Panorama or Dedicated Log Collector on AWS.
- If you created a new key, download and save the private key to a safe location; the file extension is.pem. You cannot regenerate this key if lost.It takes 20-30 minutes to launch the Panorama virtual appliance using the minimum requirements.
- Enable management access to the Panorama virtual appliance.
- Shut down the Panorama virtual appliance.
- Create virtual network interface(s) and attach the interface(s) to the Panorama virtual appliance. The virtual network interfaces are called Elastic Network Interfaces (ENIs) on AWS. These interfaces are used for managing devices from the virtual appliance.The Panorama virtual appliance on AWS supports a single management interface. You must use this interface for log collection and device management.
- Create or assign an Elastic IP (EIP) address to the management interface.
- Power on the Panorama virtual appliance.
- Configure a new administrative password for the Panorama virtual appliance.You must configure a unique administrative password before you can access the web interface of the Panorama virtual appliance. To access the CLI, the private key used to launch the Panorama virtual appliance is required.
- Activate the licenses on the Panorama virtual appliance.
- Complete configuring the Panorama virtual appliance for your deployment needs.
- (Log Collector mode) Begin at Step 6 to set up the Panorama virtual appliance as a Log Collector.When configuring the Management interface in Step 9.3, enter thePublic IP Addressof the Dedicated Log Collector. You do not have the option to enter theIP Address,Netmask, orGateway.