View the Deployment Status

View the status of the current deployments.
If there is an entry in the
Deployment Status
column, click the hyperlink to view the deployment details.
The possible status messages are:
  • Commit changes
    —You have added a deployment for the first time but have not yet committed the changes.
    Every configuration change for the deployment must be committed so that the plugin can pick up your changes.
  • Deploying
    —The plugin is deploying or updating the deployment. For more information, click the hyperlink to view the detailed status.
  • Failure
    —Deployment has failed. Click the hyperlink and view the
    Detailed Status
    for the Security stack.
  • Not Deployed
    —The plugin is ready to deploy the configuration, but the deployment has not begun.
  • Success
    —The plugin has successfully deployed the Security stack and the firewalls have connected to Panorama. The firewalls can pass traffic.
  • Warning
    —Deployment has successfully finished but something external to the deployment has failed. For example, you might see this message:
    FWs have not connected after 20 minutes of the deployment completing.
    Click the hyperlink and view the Security stack.
Once the deployment is deployed, the plugin allows you to modify a certain subset of parameters. Once the changes have been made, you must do a commit before clicking the
Redeploy
button. When an update happens, the plugin makes sure the Panorama config is created and accurate. It redeploys the CFT to apply any changes, and attach or detach from the configured TGW (if this configuration was modified).
  • Deploy
    —After you commit your initial configuration, select
    Deploy
    to launch the deployment.
  • Redeploy
    —Modify a deployment, commit your changes, and select
    Redeploy
    .
    You must commit changes to the deployment before you click
    Redeploy
    .
  • Undeploy
    —Delete a deployment, but keep the configuration so it can be redeployed at a later time.
To remove an existing deployment and its configuration, check a deployment and select
Delete
at the bottom of the
Deployments
page.

Detailed Status

To access the
Detailed Status
, click the hyperlink in the
Deployment Status
column. From the detailed status you can learn where to apply configuration, view the error message from a stack failure, or view the deployment status when it is deploying.
  • Name
    —The deployment name.
  • Status
    —See Deployment Status for description of each status.
  • Detail
    —Details on the deployment you selected in
    Deployment Status
    . For example, if the deployment was successful, displays the date and time of the deployment, or if there was a stack failure, displays an error message.
  • Policy Device Group
    —The plugin can create a policy device group for your deployment or you can choose an existing device group to act as the policy device group for a specific deployment.
  • Config Device Group
    —The plugin creates a configuration device group as a child of the policy device group. The plugin puts configuration information for the deployment in the config device group, ensuring that your policy device group remains untouched if you remove the deployment.
    Do not put policy information in the config device group.
  • Template Stack
    —Displays the template stack associated with the VM-Series firewall. Any custom configuration is applied to this template stack.
  • External IP
    —Displays the public IP addresses of the NAT Gateways in the Security VPC, one for each availability zone. The outbound public IP addresses are used for all outbound traffic from the deployment, and for outbound traffic from the VM-Series firewall management interface.
    To allow firewalls to connect to Panorama, the outbound public IP addresses must be whitelisted in your Panorama security group.
  • CloudFormation Link
    —This link opens the AWS console to display the current stack in the Cloud Formation services section. You can see where the stack is deployed and debug issues with the deployment.
  • CloudWatch Link
    —This link opens the AWS console to display
    PaloAltoNetworkFirewalls
    logs and log groups related to the firewall.
  • AutoScalingGroup Link
    —This link opens the AWS console to display the details of the ASG associated with the deployment, and list of instances under the ASG. You can view logs associated with these instances on
    CloudWatch Link
    .
  • Endpoint Service Name
    —The GWLB Endpoint name created as part of the deployment. For example, com.amazonaws.vpce.us-east-1.vpce-svc-0d00ebcb0000dc000.
  • Cloudformation Stack Name
    — For example mynw-aws2-virgexstdg0-c0b0f.

Recommended For You