VM-Series Auto Scaling Group with AWS Gateway Load Balancer
The Palo Alto Networks auto scaling templates for AWS help you integrate and configure the VM-Series firewall with a Gateway Load Balancer (GWLB) to protect applications deployed in AWS. The templates leverage AWS scalability features to independently and automatically scale VM-Series firewalls deployed in AWS to meet surges in application workload resource demand.
These templates are community supported.
This solution provides a security VPC template and an application
template. The security VPC template deploys the VM-Series firewall
auto scaling group, a GWLB, a GWLBE, GWLBE subnet, security attachment
subnet, and a NAT gateway for each availability zone. Download the
CloudFormation templates from the Palo Alto Networks GitHub Repository.
All VM-Series firewall interfaces must be assigned an IPv4 address when deployed in a public cloud environment. IPv6 addresses are not supported.
The VM-Series Auto Scaling template for integration with an AWS GWLB includes the following building blocks:
Building Block | Description
---|---
PAN Components |
Firewall template (Community supported template) | Based on the number of availability zones (AZs) you choose, the firewall-new-vpc-v3.0.template deploys the following: The VPC CIDR for the firewall template should be larger than /23, because a production environment varies in the number of components it includes, such as subnets, availability zones, route tables, and security groups. You must deploy the firewall-new-vpc-v3.0.template in a new VPC. The VM-Series Auto Scaling template for AWS does not deploy a transit gateway or Panorama; you must deploy a transit gateway and Panorama before launching firewall-new-vpc-v3.0.template.
Application template (Community supported template) | Based on the number of availability zones (AZs) you choose, the panw-aws-app-v3.0.template deploys the following: The VPC CIDR for the application template should be larger than /23. The application template is intended to be used as an example for validating the security template.
Lambda functions | AWS Lambda provides robust, event-driven automation without the need for complex orchestration software. In addition to deploying the components described in the rows above, the firewall-new-vpc-v3.0.template performs the following functions:
Bootstrap files (The bootstrap.xml file provided in the GitHub repository is for testing and evaluation only. For a production deployment, you must modify the sample credentials in bootstrap.xml prior to launch.) | This solution requires the init-cfg.txt file and the bootstrap.xml file so that the VM-Series firewall has the basic configuration for handling traffic.
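Both templates require a VPC CIDR larger than /23 (that is, a shorter prefix such as /22 or /16), and the security VPC needs several subnets per availability zone (the GWLBE subnet and the security attachment subnet are named above). The following added example, which is not part of the Palo Alto Networks templates, checks a candidate CIDR against that rule, rejects IPv6 blocks since VM-Series interfaces require IPv4, and carves a deterministic per-AZ subnet layout before you feed values into CloudFormation. The per-AZ subnet roles are this example's assumption: a dedicated public subnet for the NAT gateway is not something the page states.

```python
"""Pre-flight checks for the security VPC CIDR (added example, not template code)."""
import ipaddress

# "Larger than /23" means a shorter prefix length: /22, /21, ..., /16.
MAX_PREFIX_LEN = 22

# Subnet roles carved per AZ. The page names a GWLBE subnet and a security
# attachment subnet per AZ; the public subnet for the NAT gateway is an
# assumption of this example.
SUBNET_ROLES = ("gwlbe", "attachment", "nat-public")


def validate_vpc_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Return the network if it is a valid IPv4 block larger than /23, else raise."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # strict: no host bits set
    except ValueError as exc:
        raise ValueError(f"{cidr!r} is not a valid CIDR block: {exc}") from exc
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError(f"{cidr!r}: VM-Series interfaces require IPv4; IPv6 is not supported")
    if net.prefixlen > MAX_PREFIX_LEN:
        raise ValueError(f"{cidr!r} is /{net.prefixlen}; the VPC CIDR must be larger than /23")
    return net


def plan_subnets(cidr: str, az_names: list[str], subnet_prefix: int = 24) -> dict[str, dict[str, str]]:
    """Carve one subnet per role per AZ from the VPC CIDR, in a stable order.

    The same inputs always yield the same layout, so the result can be
    diffed against what a CloudFormation stack actually created.
    """
    net = validate_vpc_cidr(cidr)
    needed = len(az_names) * len(SUBNET_ROLES)
    pool = list(net.subnets(new_prefix=subnet_prefix))
    if len(pool) < needed:
        raise ValueError(
            f"{cidr} yields {len(pool)} /{subnet_prefix} subnets; "
            f"{needed} are needed for {len(az_names)} AZs"
        )
    allocator = iter(pool)
    plan: dict[str, dict[str, str]] = {}
    for az in az_names:
        plan[az] = {role: str(next(allocator)) for role in SUBNET_ROLES}
    return plan


if __name__ == "__main__":
    # Constructed sample inputs: a /16 security VPC spread over two AZs.
    for az, subnets in plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b"]).items():
        print(az, subnets)
    for bad in ("10.0.0.0/23", "10.0.0.0/24", "2001:db8::/32", "10.0.0.1/16"):
        try:
            validate_vpc_cidr(bad)
        except ValueError as err:
            print("rejected:", err)
```

Run it before launching the stack and compare the planned subnets with the CIDRs you pass as template parameters; a /22 passes the prefix check but still cannot hold three /24 subnets in each of two AZs, which the second check catches.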
If you need to delete these templates from AWS, always delete the application template first. Attempting to delete the firewall template while the application template still exists causes the deletion to fail.
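The ordering rule above is easy to get wrong from the console, so the following added example (not part of the Palo Alto Networks repository) scripts it with the AWS CLI: it deletes the application stack, waits for CloudFormation to finish, and refuses to touch the firewall stack while the application stack still exists. The stack names are assumptions; set APP_STACK and FW_STACK to the names you used. With DRY_RUN=1 (the default) it prints the commands and consults a constructed inventory in EXISTING_STACKS instead of calling AWS, so it can be exercised offline.

```shell
#!/bin/sh
# Tear down the two stacks in the order the documentation requires.
# Added example, not project code. Stack names below are assumptions.
APP_STACK="${APP_STACK:-panw-aws-app}"
FW_STACK="${FW_STACK:-firewall-new-vpc}"
# DRY_RUN=1: print commands and use the constructed inventory below.
DRY_RUN="${DRY_RUN:-1}"
EXISTING_STACKS="${EXISTING_STACKS:-panw-aws-app firewall-new-vpc}"

# stack_exists NAME: succeeds if CloudFormation still has a stack of that name.
stack_exists() {
  if [ "$DRY_RUN" = "1" ]; then
    case " $EXISTING_STACKS " in
      *" $1 "*) return 0 ;;
      *) return 1 ;;
    esac
  fi
  aws cloudformation describe-stacks --stack-name "$1" >/dev/null 2>&1
}

# delete_stack NAME: request deletion and block until CloudFormation reports it done.
delete_stack() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "[dry-run] aws cloudformation delete-stack --stack-name $1"
    EXISTING_STACKS=$(echo " $EXISTING_STACKS " | sed "s/ $1 / /")
    return 0
  fi
  aws cloudformation delete-stack --stack-name "$1" &&
    aws cloudformation wait stack-delete-complete --stack-name "$1"
}

# teardown: application stack first; never delete the firewall stack while
# the application stack is still present.
teardown() {
  if stack_exists "$APP_STACK"; then
    delete_stack "$APP_STACK" || return 1
  fi
  if stack_exists "$APP_STACK"; then
    echo "application stack $APP_STACK still present; not deleting $FW_STACK" >&2
    return 1
  fi
  delete_stack "$FW_STACK"
}

# Only act when invoked with RUN=1 so the functions can also be sourced.
if [ "${RUN:-0}" = "1" ]; then
  teardown
fi
```

Use `RUN=1 DRY_RUN=0 APP_STACK=... FW_STACK=... sh teardown.sh` for a real teardown; the wait step matters because CloudFormation returns immediately from delete-stack, and starting the firewall stack deletion before the application stack is gone reproduces exactly the failure the documentation warns about.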