1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up the VM-Series Firewall on AWS
    5. VM-Series Integration with an AWS Gateway Load Balancer
    6. VM-Series Auto Scaling Group with AWS Gateway Load Balancer
    7. Launch the Application Template

    Launch the Application Template

    Learn how to launch the application templates.
    Complete the following procedure to launch the application template.
    1. Create an S3 bucket from which you will launch the application template.
      • If this is a cross-account deployment, create a new bucket.
      • If there is one account you can create a new bucket or use the S3 bucket you created earlier (you can use one bucket for everything).
    2. Upload the app.zip file into the S3 bucket.
    3. Select the application launch template you want you launch.
      1. In the AWS Management Console, select
        CloudFormation
        CreateStack
      2. Select Upload a template to Amazon S3, to choose the application template to deploy the resources that the template launches within the same VPC as the firewalls, or to a different VPC. Click
        Open
         and
        Next
        .
      3. Specify the Stack name. The stack name allows you to uniquely identify all the resources that are deployed using this template.
    4. Select the Availability Zones (AZ) that your setup will span in Select list of AZ.
    5. Enter a descriptive
      VPC Name
      .
    6. Configure the parameters for Lambda.
      1. Enter the S3 bucket name where app.zip is stored.
      2. Enter the name of the zip file name.
    7. Select the EC2 instance type for the Ubuntu web server launched by this template.
    8. Enter your Amazon EC2 key pair.
    9. Enter the name of the service configuration (Service Name) for the GWLB endpoint in the security VPC.
      1. Select
        DynamoDB
         from the
        Services
         drop-down in the AWS console.
      2. Select
        Tables
         and locate your security VPC table. The table name will be <stack name>-gwlb-<region>. For example—cft-deployment-gwlb-us-east-1.
      3. Click the Items tab and copy the Service Name.
      4. Paste the Service Name into the application template configuration parameters.
    10. Enter the transit gateway ID. This is the same transit gateway you created before deploying the firewall template.
    11. Review the template settings and launch the template.
    12. After the application has been deployed, you must add a route to the transit gateway route table to enable east-west and outbound traffic inspection.
      1. Log in to the AWS VPC console.
      2. Select
        Transit Gateway Route Tables
         and choose your transit gateway route table. This route table is created by the template and is called
        <app-stack-name>-<region>-PANWAppAttRt
        .
      3. Select
        Routes
         and click
        Create static route
        .
      4. Enter 0.0.0.0/0 in the
        CIDR
         field.
      5. From the
        Choose attachment
         drop-down, select the VM-Series firewall VPC attachment.
      6. Click
        Create static route
        .
    13. (
      Optional
      ) Create a bastion host (also called a jump box) to access the web server created by the application template.
      1. Create a public-facing subnet in your application VPC.
      2. Add a route to this subnet from your IP address to the internet gateway.
      3. Create a new EC2 instance in the public subnet with a public IP address.
      4. Create a security group for this EC2 instance that allows SSH from your IP address.

    Recommended For You

    Recommended Videos

    Recommended videos not found.