VM-Series Auto Scaling Templates for AWS Version 2.0
Learn about the VM-Series Auto Scaling template for AWS
Version 2.0.
To help you manage increased application scaling, version
2.0 of the auto scaling VM-Series firewall template provides a hub
and spoke architecture that simplifies deployment. This version
of the solution provides two templates that support single-VPC and
multiple-VPC deployments, both within a single AWS account and across multiple
AWS accounts.
Firewall Template: The firewall template deploys
an application load balancer (ALB) and VM-Series firewalls within
auto scaling groups across two Availability Zones (AZs). This internet-facing
ALB distributes traffic that enters the VPC across a pool of VM-Series
firewalls. The VM-Series firewalls automatically publish custom
PAN-OS metrics that enable auto scaling.
Palo Alto Networks
officially supports the firewall template and, with a valid support
entitlement, you can request assistance from Palo Alto Networks
Technical Support.
The
following application template deploys the network load balancer
depicted in the preceding image.
Application Template: The application template deploys
a network load balancer (NLB) and one auto scaling group (ASG) with
a web server in each AZ.
The application template is community
supported. This template is provided as an example to help you get
started with a basic web application. For a production environment,
either use your own application template or customize this template
to meet your requirements.
These templates allow you to deploy a load balancer sandwich
topology with an internet-facing ALB and an internal NLB. The ALB
is accessible from the internet and distributes traffic that enters
the VPC across a pool of VM-Series firewalls. The firewalls then
route traffic using NAT policy to NLBs, which distribute traffic
to an auto scaling tier of web or application servers. The VM-Series
firewalls are enabled to publish custom PAN-OS metrics to AWS CloudWatch,
where you can monitor the health and resource load on the VM-Series
firewalls and then use that information to trigger auto scaling
events in the appropriate firewall ASGs.
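The metric-to-scaling path described above, as an added CloudFormation sketch; it is not part of the Palo Alto Networks templates. The ASG name, the namespace, the metric name `DataPlaneCPUUtilizationPct`, the `AutoScalingGroupName` dimension and the threshold are assumptions to replace with the values your deployment actually publishes.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - scale out the firewall ASG on a custom PAN-OS metric

Parameters:
  FirewallAsgName:          # assumption: name of an existing firewall ASG
    Type: String
  MetricNamespace:          # assumption: namespace the firewalls publish into
    Type: String
  MetricName:               # assumption: custom PAN-OS metric to scale on
    Type: String
    Default: DataPlaneCPUUtilizationPct
  ScaleOutThreshold:        # assumption: percent utilization that triggers scale-out
    Type: Number
    Default: 80

Resources:
  FirewallScaleOutPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AutoScalingGroupName: !Ref FirewallAsgName
      PolicyType: SimpleScaling
      AdjustmentType: ChangeInCapacity
      ScalingAdjustment: 1          # add one firewall per alarm
      Cooldown: "600"               # allow the new firewall time to boot and pass health checks

  FirewallScaleOutAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: Firewall load above threshold, add capacity
      Namespace: !Ref MetricNamespace
      MetricName: !Ref MetricName
      Dimensions:
        - Name: AutoScalingGroupName   # assumption: metrics are dimensioned per ASG
          Value: !Ref FirewallAsgName
      Statistic: Average
      Period: 300
      EvaluationPeriods: 2             # two consecutive periods, to avoid reacting to a single spike
      Threshold: !Ref ScaleOutThreshold
      ComparisonOperator: GreaterThanThreshold
      AlarmActions:
        - !Ref FirewallScaleOutPolicy  # Ref returns the scaling policy ARN
```

A matching scale-in pair would use a negative `ScalingAdjustment` and a `LessThanThreshold` alarm with a lower threshold, so the two alarms do not oscillate.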