Panorama Virtual Appliance and Virtual Dedicated Log Collector on AWS GovCloud

How to deploy a Panorama virtual appliance and a virtual Dedicated Log Collector on AWS GovCloud.
Panorama continues to expand its supported virtual environments, helping you reduce your physical footprint and giving you more flexibility to deploy your Palo Alto Networks management and log collection services alongside other applications you have deployed on Amazon Web Services. The Panorama virtual appliance on AWS supports all deployment modes (Panorama, Log Collector, and Management) and shares the same processes and functionality as its M-Series counterparts. Refer to Panorama Models for more information on the Panorama modes.
For more information, see Install Panorama on AWS GovCloud.
  1. Log in to the AWS GovCloud Web Service Console and select the EC2 dashboard.
  2. Set up the VPC for your network needs.
  3. Deploy Panorama on Amazon Web Services.
    1. On the EC2 Dashboard, click Launch Instance and then select My AMIs and Select the Panorama 8.1.0 AMI.
    2. Launch the Panorama virtual appliance as an EC2 instance.
      1. Choose the EC2 instance type for allocating the resources required for the Panorama virtual appliance, and click Next: Configure Instance Details. See the Setup Prerequisites for the Panorama Virtual Appliance for resource requirements.
      2. Select the VPC.
      3. Select the public subnet for the Panorama virtual appliance management interface.
      4. Select Automatically assign a public IP address.
      5. Click Next: Add Storage and Add New Volume to add log storage.
      6. (Optional) Add one or more tags as metadata to help you identify and group the Panorama virtual appliance. For example, add a Name tag with a Value that helps you identify which firewalls the Panorama virtual appliance manages.
      7. Create a new Security Group or select an existing one with HTTPS and SSH enabled at a minimum.
      8. Select Review and Launch and verify that your selections are accurate before you select Launch.
      9. Select an existing key pair or create a new one and acknowledge the disclaimer.
        As a best practice, create a new key for each instance of Panorama or Dedicated Log Collector on AWS.
      10. If you created a new key, download and save the private key to a safe location; the file extension is .pem. You cannot regenerate this key if lost.
        It takes 20-30 minutes to launch the Panorama virtual appliance using the minimum requirements.
  4. Enable management access to the Panorama virtual appliance.
    1. Shut down the Panorama virtual appliance.
    2. Create virtual network interface(s) and attach the interface(s) to the Panorama virtual appliance. The virtual network interfaces are called Elastic Network Interfaces (ENIs) on AWS. These interfaces are used for managing devices from the virtual appliance.
      The Panorama virtual appliance on AWS supports a single management interface. You must use this interface for log collection and device management.
    3. Create or assign an Elastic IP (EIP) address to the management interface.
    4. Power on the Panorama virtual appliance.
  5. Configure a new administrative password for the Panorama virtual appliance.
    You must configure a unique administrative password before you can access the web interface of the Panorama virtual appliance. To access the CLI, the private key used to launch the Panorama virtual appliance is required.
  6. Activate the licenses on the Panorama virtual appliance.
  7. Complete configuring the Panorama virtual appliance for your deployment needs.
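
The security group selected in step 3 fronts a management interface that has a public IP address, so it is worth checking what it actually admits. The following Python script is an added example, not part of the Palo Alto Networks procedure: it audits JSON in the shape returned by `aws ec2 describe-security-groups`, confirming that HTTPS and SSH are allowed and reporting anything broader. The sample data and the `sg-EXAMPLE` group ID are constructed, and treating any-source rules and extra ports as findings is an assumed hardening policy rather than a requirement stated above.

```python
import ipaddress
import json

REQUIRED_TCP_PORTS = {22, 443}  # SSH and HTTPS, the minimum the procedure calls for

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}
]}]}
""")


def audit_group(group):
    """Return (missing_required_ports, findings) for one security group."""
    covered, findings = set(), []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":  # AWS encoding for all protocols, all ports
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        else:
            findings.append(f"non-TCP rule ({proto}) on the management interface")
            continue
        covered |= {p for p in REQUIRED_TCP_PORTS if lo <= p <= hi}
        label = "all protocols" if proto == "-1" else f"tcp/{lo}-{hi}"
        if not (proto == "tcp" and lo == hi and lo in REQUIRED_TCP_PORTS):
            findings.append(f"{label}: wider than SSH/HTTPS")
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"{label}: open to any source ({cidr})")
    return sorted(REQUIRED_TCP_PORTS - covered), findings


if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        missing, findings = audit_group(sg)
        print(sg["GroupId"], "missing required ports:", missing)
        for finding in findings:
            print("  finding:", finding)
```

An empty "missing" list with no findings means the group allows exactly SSH and HTTPS from named source ranges.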
