Create a Custom Amazon Machine Image (AMI)
Learn how creating a custom Amazon Machine Image (AMI)
can speed your deployment process.
A custom VM-Series AMI gives you the consistency
and flexibility to deploy a VM-Series firewall with the PAN-OS version
you want to use on your network instead of being restricted to using
only an AMI that is published to the AWS public Marketplace or to
the AWS GovCloud Marketplace. Using a custom AMI speeds up the process
of deploying a firewall with the PAN-OS version of your choice because
it reduces the time otherwise needed to provision the firewall with an
AMI published on the AWS public or AWS GovCloud Marketplace and then
perform software upgrades to get to the PAN-OS version you have qualified
or want to use on your network. Additionally, you can then use the
custom AMI in the Auto Scaling VM-Series Firewalls CloudFormation
Templates or any other templates that you have created.

You can create a custom AMI with the BYOL, Bundle 1, or Bundle 2 licenses.
The process of creating a custom AMI requires you to remove all
configuration from the firewall and reset it to factory defaults,
so in this workflow you’ll launch a new instance of the firewall
from the AWS Marketplace instead of using an existing firewall that
you have fully configured.

When creating a custom AMI with a BYOL version of the firewall, you must first activate the
license on the firewall so that you can access and download PAN-OS
software updates to upgrade your firewall, and then deactivate the
license on the firewall before you reset the firewall to factory
defaults and create the custom AMI. If you do not deactivate the
license, you lose the license that you applied on this firewall
instance.
- Launch the VM-Series firewall from the Marketplace. See 3
- (Only for BYOL) Activate the license.
- Install software updates and upgrade the firewall to the PAN-OS version you plan to use.
- (Only for BYOL) Deactivate the license.
- Perform a private data reset. The system disks are not erased, so the content updates from Step 4 are intact. A private data reset removes all logs and restores the default configuration.
  - Access the firewall CLI.
  - Remove all logs and restore the default configuration.
    request system private-data-reset
    Enter y to confirm. The firewall reboots to initialize the default configuration.
- Create the custom AMI.
  - Log in to the AWS Console and select the EC2 Dashboard.
  - Stop the VM-Series firewall.
  - Select the VM-Series firewall instance, and click Image > Create Image.
  - Enter a custom image name, and click Create Image. The disk space of 60GB is the minimum requirement.
  - Verify that the custom AMI is created and has the correct product code.
    - On the EC2 Dashboard, select AMI.
    - Select the AMI that you just created. Depending on whether you selected an AMI with the BYOL, Bundle 1, or Bundle 2 licensing options, you should see one of the following Product Codes in the details:
      - BYOL—6njl1pau431dv1qxipg63mvah
      - Bundle 1—6kxdw3bbmdeda3o6i1ggqt4km
      - Bundle 2—806j2of0qy5osgjjixq9gqc6g
- If you plan to use the custom AMI with EBS encryption for an Auto Scaling VM-Series Firewalls with the Amazon ELB Service deployment, you must use the default master key for your AWS account.
- Configure the administrative password on the firewall. See 4
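
The verification step above can also be scripted so that a template pipeline refuses an AMI with the wrong product code. The following is an added example, not part of the original procedure or Palo Alto Networks tooling: it checks the JSON printed by `aws ec2 describe-images --image-ids <ami-id> --output json` against the product codes and 60GB minimum listed on this page. The function name, the sample data, and applying the 60GB minimum to the root volume are assumptions.

```python
import json

# Product codes listed on this page for each VM-Series licensing option.
PRODUCT_CODES = {
    "6njl1pau431dv1qxipg63mvah": "BYOL",
    "6kxdw3bbmdeda3o6i1ggqt4km": "Bundle 1",
    "806j2of0qy5osgjjixq9gqc6g": "Bundle 2",
}
MIN_DISK_GB = 60  # minimum from this page; applied to the root volume (assumption)

def check_custom_ami(describe_images_json, expected_license):
    """Return (license_found, problems) for the first image in describe-images output."""
    images = json.loads(describe_images_json).get("Images", [])
    if not images:
        return None, ["AMI not found"]
    image, problems = images[0], []
    if image.get("State") != "available":
        problems.append(f"state is {image.get('State')!r}, not 'available'")
    # Exactly one of the three VM-Series product codes must be present.
    codes = [p.get("ProductCodeId") for p in image.get("ProductCodes", [])]
    licenses = [PRODUCT_CODES[c] for c in codes if c in PRODUCT_CODES]
    found = licenses[0] if len(licenses) == 1 else None
    if found is None:
        problems.append(f"expected one VM-Series product code, got {codes}")
    elif found != expected_license:
        problems.append(f"product code is {found}, expected {expected_license}")
    # Locate the EBS root volume and compare its size with the minimum.
    for bdm in image.get("BlockDeviceMappings", []):
        ebs = bdm.get("Ebs")
        if ebs and bdm.get("DeviceName") == image.get("RootDeviceName"):
            if ebs.get("VolumeSize", 0) < MIN_DISK_GB:
                problems.append(f"root volume is {ebs.get('VolumeSize')} GB, below {MIN_DISK_GB} GB")
            break
    else:
        problems.append("no EBS root volume in block device mappings")
    return found, problems

# Constructed sample response (not real account data).
SAMPLE = json.dumps({"Images": [{
    "ImageId": "ami-0123456789abcdef0",
    "State": "available",
    "RootDeviceName": "/dev/xvda",
    "ProductCodes": [{"ProductCodeId": "6njl1pau431dv1qxipg63mvah",
                      "ProductCodeType": "marketplace"}],
    "BlockDeviceMappings": [{"DeviceName": "/dev/xvda",
                             "Ebs": {"VolumeSize": 60, "Encrypted": False}}],
}]})

if __name__ == "__main__":
    print(check_custom_ami(SAMPLE, "BYOL"))
```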