Panorama Virtual Appliance and Virtual Dedicated Log Collector on AWS GovCloud

How to deploy a Panorama virtual appliance and a virtual Dedicated Log Collector on AWS GovCloud.
Panorama continues to expand supported virtual environments to help reduce your physical footprint by giving you more flexibility in deploying your Palo Alto Networks management and log collection services along side other application you have deployed on Amazon Web Services. The Panorama virtual appliance on AWS supports all deployment modes (Panorama, Log Collector, and Management) and share the same processes and functionality as their M-Series counterparts. Refer to Panorama Models for more information on the Panorama modes.
For more information, see Install Panorama on AWS GovCloud.
  1. Log in to the AWS GovCloud Web Service Console and select the EC2 dashboard.
  2. Set up the VPC for your network needs.
  3. Deploy Panorama on Amazon Web Services.
    1. On the EC2 Dashboard, click Launch Instance and then select My AMIs and Select the Panorama 8.1.0 AMI.
    2. Launch the Panorama virtual appliance as an EC2 instance.
      1. Choose the EC2 instance type for allocating the resources required for the Panorama virtual appliance, and click Next: Configure Instance Details. See the Setup Prerequisites for the Panorama Virtual Appliance for resource requirements.
      2. Select the VPC.
      3. Select the public subnet for the Panorama virtual appliance management interface.
      4. Select Automatically assign a public IP address.
      5. Click Next: Add Storage and Add New Volume to add log storage.
      6. (Optional) Add one or more tags as metadata to help you identify and group the Panorama virtual appliance. For example, add a Name tag with a Value that helps you identify which firewalls the Panorama virtual appliance manages.
      7. Create a newSecurity Group or select an existing one with HTTPS and SSH enabled at a minimum.
      8. Select Review and Launch and verify that your selections are accurate before you select Launch.
      9. Select an existing key pair or create a new one and acknowledge the disclaimer.
        As a best practice, create a new key for each instance of Panorama or Dedicated Log Collector on AWS.
      10. If you created a new key, download and save the private key to a safe location; the file extension is .pem. You cannot regenerate this key if lost.
        It takes 20-30 minutes to launch the Panorama virtual appliance using the minimum requirements.
  4. Enable management access to the Panorama virtual appliance.
    1. Shut down the Panorama virtual appliance.
    2. Create virtual network interface(s) and attach the interface(s) to the Panorama virtual appliance. The virtual network interfaces are called Elastic Network Interfaces (ENIs) on AWS. These interfaces are used for managing devices from the virtual appliance.
      The Panorama virtual appliance on AWS supports a single management interface. You must use this interface for log collection and device management.
    3. Create or assign an Elastic IP (EIP) address to the management interface.
    4. Power on the Panorama virtual appliance.
  5. Configure a new administrative password for the Panorama virtual appliance.
    You must configure a unique administrative password before you can access the web interface of the Panorama virtual appliance. To access the CLI, the private key used to launch the Panorama virtual appliance is required.
  6. Activate the licenses on the Panorama virtual appliance.
  7. Complete configuring the Panorama virtual appliance for your deployment needs.

Related Documentation