End-of-Life (EoL)
VM-Series Firewall on Google Cloud Platform
Deploy the VM-Series firewall from Google Cloud Platform
Marketplace, enable Google Stackdriver monitoring, and enable VM-Series
firewalls to monitoring Google Compute Engine instances.
You can now deploy the VM-Series firewall
on a Google Compute Engine instance within
a Google Cloud Platform project to secure
your applications and workloads.
The VM-Series firewall on
Google Cloud Platform can publish custom PAN-OS metrics to Google
Stackdriver. With Stackdriver Monitoring, you can monitor the firewall,
and set up alerts based on firewall health and performance.
You
can also enable any firewall that runs PAN-OS 8.1 (virtual or physical)
to monitor application workloads deployed on Google Compute Engine
instances. With an awareness of virtual machine adds, moves, or
deletes within a Google VPC, you can create security policy rules
that automatically adapt to changes in your application environment.
Deploy the VM-Series Firewall from Google Cloud Platform
Marketplace
The VM-series firewall is part of your Google
project, using the VPC networks to communicate with other compute
engine instances. In addition to serving as an internet gateway,
the VM-series firewall can secure east-west traffic between VPCs to
ensure data protection compliance and application access.

Google
Marketplace provides templates based on license types. The templates deploy
an instance of the VM-Series firewall with a management interface
and two dataplane interfaces.
Before you deploy the VM-Series
firewall, you must choose a project in your organization, and create
a minimum of three networks and subnetworks that the firewall requires
at launch.
- Locate the VM-Series firewall listing in Google Marketplace.
- Log in to the Google Cloud Console.
- From the Products and Services menu, chooseMarketplace.
- Search for “VM-Series”.
- Select one of the VM-Series licensing options.
- ClickLaunch on Compute Engine.
Enable Google Stackdriver Monitoring
You can enable any firewall that runs PAN-OS
8.1 (virtual or physical) to monitor application workloads deployed
on Google Compute Engine instances. With an awareness of virtual
machine adds, moves, or deletes within a Google VPC, you can create
security policy rules that automatically adapt to changes in your
application environment.
- Select, andDeviceVM Information SourcesAdda new source to monitor.
- Enter a uniqueNamefor the source.
- Select theService Authentication Type.
- VM-Series running in GCE—Use this option if a VM-Series firewall deployed on GCE is monitoring the virtual machines on GCE. You do not need to provide account credentials if the service account that you used to provision the firewall has the permissions required to authenticate to the Google Cloud Project you want to monitor.
- Service Account—Use this option on any hardware-based firewall or VM-Series firewall that is not running on GCE. You must the provide theService Account Credentialas a JSON file so that the firewall can authenticate to the GCP infrastructure and retrieve the attributes.
- Enter theProject IDand theZonein which the resources are deployed.
- ClickOKandCommityour changes.
- Verify the connectionStatusis successful and that the firewall is able to connect to the GCE project you want to monitor.
- Use the attributes as match criteria in dynamic address groups.
Enable VM-Series Firewall to Track Changes on Google Cloud
Platform VMs
You can also enable any firewall that runs PAN-OS
8.1(virtual or physical) to monitor application workloads deployed
on Google Compute Engine instances. For a description of the PAN-OS
metrics that you can publish to Google Stackdriver, see Custom PAN-OS Metrics Published for Monitoring.
- Push PAN-OS metrics from a VM-Series firewall on a Google Compute Engine instance to Stackdriver.
- Log in to the web interface on the VM-Series firewall.
- Select. On the Google Cloud Stackdriver Monitoring Setup panel, click EditDeviceOperations
.
- CheckPublish PAN-OS metrics to Stackdriver.
- SetUpdate Intervalto a value between 1- 60 minutes. This is the frequency at which the firewall publishes the metrics to Stackdriver. The default is 5 minutes.
- ClickOK.
- Committhe changes.Wait until the firewall starts to publish metrics to Stackdriver before you configure alarms for PAN-OS metrics.
- Verify that you can see the metrics on Stackdriver.
- In the Google Cloud Console, select.Products and ServicesMonitoring
- In Stackdriver, choose.ResourcesMetrics Explorer
- Under “Find resource type and metric”, click in the search field and typecustomto filter the PAN-OS metrics.
- Configure alerts and actions for PAN-OS metrics on Stackdriver. See Monitoring Quickstart for Google Compute Engine, and Stackdriver Introduction to Alerting.
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.