Enable VM-Series Integration with a Gateway Load Balancer
When integrating the VM-Series firewall
with a GWLB, you must first enable the VM-Series firewall to properly
process traffic redirected to the firewall by the GWLB endpoints.
You can enable this functionality using the VM-Series firewall CLI, through
the VM-Series bootstrapping package, or the user-data field in the
AWS console.
VM-Series firewall deployment with a GWLB requires:
- VM-Series plugin 2.0.2 or later
- Panorama 10.0.2 or later if you are using Panorama to manage your firewalls
The table below lists the commands required to enable GWLB traffic
inspection and associate a subinterface with a VPC endpoint. Operation
commands can be used in a bootstrapping init-cfg.txt file or
in the user-data field in the AWS console.
Bootstrap Parameter | CLI Command | Description |
mgmt-interface-swap=enable | set system setting mgmt-interface-swap enable yes (This command requires the firewall to reboot before taking effect.) | Swaps eth0 and eth1. Eth0 becomes a data interface and eth1 becomes the management interface. |
plugin-op-commands=aws-gwlb-inspect:enable | request plugins vm_series aws gwlb inspect enable <yes/no> | Enables the VM-Series firewall to process traffic passing through a GWLB. |
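
A pre-deployment check for the two bootstrap parameters in the table, as an added example (not Palo Alto Networks code). It assumes entries are key=value pairs separated by newlines or semicolons and that plugin-op-commands holds comma-separated op:value items; the function names and sample inputs are hypothetical.

```python
# Added example: lint init-cfg.txt / user-data text for the GWLB bootstrap settings.
REQUIRED_OP = ("aws-gwlb-inspect", "enable")


def parse_bootstrap(text):
    """Return {key: value} from key=value entries.

    Assumption: entries are separated by newlines or semicolons and
    lines starting with '#' are comments.
    """
    params = {}
    for raw in text.replace(";", "\n").splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[key.strip()] = value.strip()
    return params


def plugin_ops(params):
    """Split plugin-op-commands into {op: value}. Assumption: ops are comma-separated."""
    ops = {}
    for item in params.get("plugin-op-commands", "").split(","):
        if not item.strip():
            continue
        name, _, arg = item.strip().partition(":")
        ops[name] = arg
    return ops


def check_gwlb_bootstrap(text):
    """Return a list of findings; an empty list means both settings are present."""
    params = parse_bootstrap(text)
    findings = []
    if params.get("mgmt-interface-swap") != "enable":
        findings.append("mgmt-interface-swap=enable is missing; eth0 and eth1 are not swapped")
    if plugin_ops(params).get(REQUIRED_OP[0]) != REQUIRED_OP[1]:
        findings.append("plugin-op-commands lacks aws-gwlb-inspect:enable; GWLB traffic is not processed")
    return findings


# Constructed sample inputs (not from a real deployment).
GOOD = "mgmt-interface-swap=enable\nplugin-op-commands=aws-gwlb-inspect:enable\n"
BAD = "hostname=fw-example;plugin-op-commands=aws-gwlb-inspect"  # no swap, op has no ':enable'

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_gwlb_bootstrap(sample) or "ok")
```

Running the check against a launch template's user-data before deployment catches a firewall that would come up without GWLB inspection enabled.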