Bootstrapping Enhancements for VM-Series on Azure
At launch, bootstrap the VM-Series firewall on Azure using file storage.
The solution template in the Azure Marketplace has been updated to enable bootstrapping, and you can now use Azure file storage to upload the configuration files and licenses to easily bootstrap the VM-Series firewall at launch. In order to bootstrap successfully, you must provide the name of the storage account that holds the bootstrap folders and the keys to authenticate for access the storage account.
- Log in to the Azure portal (https://portal.azure.com).
- Set up the storage account with a File service. The File
service allows the VM-Series firewalls to read files stored there
and get provisioning information at launch.If you are using the solution template in the Azure marketplace to deploy the VM-Series, make sure to keep this storage account in a different resource group that the one in which you plan to deploy the firewall. This is because the solution template can be deployed in either a new or empty resource group.Within the File service, you must create a File share. In the File share you must Add the directory structure for the bootstrap package so that you can upload the files required for bootstrapping. Optionally, you can specify a Share-directory. If you have a common File share that serves as a repository for bootstrap configuration for different set ups, using a share-directory gives you the flexibility to create a folder hierarchy and access a specific set of sub-folders within the common File share.
- Add the information to bootstrap the firewall, when you Deploy the VM-Series firewall.
- Select Enable Bootstrap yes.
- Enter the Storage Account Name that holds the bootstrap package.
- Enter the Storage Account Access Key. This firewall needs this access key to authenticate to the storage account and access the files stored in it.
- Add the File share name to which you have uploaded the files required for bootstrapping the firewall. The storage account must be set up with the correct folder structure for the bootstrapping.
- Verify that you have successfully bootstrapped the VM-Series
- Select DashboardResource Groups, select the resource group.
- Select SettingsDeploymentsDeployment History for detailed status.
- To publish PAN-OS metrics to Azure Application Insights, see Support for Azure Application Insights.
Bootstrap the VM-Series Firewall in Azure
Bootstrap the VM-Series Firewall on Azure The VM-Series firewall on Azure supports Azure Files service for bootstrapping. To manage the bootstrap package for the VM-Series ...
Deploy the VM-Series Firewall on Azure (Solution Template)
Deploy the VM-Series Firewall from the Azure Marketplace (Solution Template) The following instructions describe how to deploy the solution template for the VM-Series firewall that ...
VM-Series Firewall Templates on Azure
VM-Series Firewall Templates on Azure You can deploy the VM-Series firewall on Azure using templates. Palo Alto Networks provides two kinds of templates—Solution templates and ...
About the VM-Series Firewall on Azure
About the VM-Series Firewall on Azure The VM-Series firewall on Azure must be deployed in a virtual network (VNet) using the Resource Manager deployment mode. ...
Describes all the exciting new capabilities in PAN-OS® 8.1 for the VM-Series firewall. ...
Bootstrap the VM-Series Firewall
Bootstrap the VM-Series Firewall Bootstrapping allows you to create a repeatable and streamlined process of deploying new VM-Series firewalls on your network because it allows ...
Azure Security Center Integration
Forward firewall logs to the Azure Security Center dashboard for a consolidated view on the security of your Azure deployment. Use this view to assess ...
Virtualization Features VM-50 Lite Integration with Azure Security Center View high-priority firewall logs as security alerts on the Azure Security Center dashboard with the default ...
Use Azure Security Center Recommendations to Secure Your Workloads
Based on a recommendation from the Azure Security Center dashboard, you can either deploy a new instance of the VM-Series firewall or connect your existing ...