Deploy the VM-Series Firewall Using IBM Cloud Schematics

To deploy the VM-Series firewall using the IBM catalog template, you must first create a VPC network for each interface on the firewall. For instructions on creating a VPC network, see Getting Started with VPC network.
You can deploy the VM-Series Next-Generation Firewall (BYOL) through IBM cloud Schematics. The IBM cloud terraform template deploys an instance of the VM-Series firewall with a minimum of one management interface and two dataplane interfaces. You can add additional dataplane interfaces for up to five IBM cloud instances in your virtual private cloud (VPC).
Before you deploy the VM-Series firewall, you must create or choose a project in your organization and create any networks and subnets that will connect to the firewall. You cannot attach multiple network interfaces to the same VPC network. Every interface you create must have a dedicated network with at least one subnet. Ensure that your networks include any additional dataplane instances you create.
All VM-Series firewall interfaces must be assigned an IPv4 address when deployed in a public cloud environment. IPv6 addresses are not supported.
  1. Locate the VM-Series firewall listing in IBM Cloud Catalog.
    1. Log in to IBM Cloud.
    2. Click
    3. Search for
      Palo Alto Networks VM-Series Firewall - BYOL
      in the IBM Cloud catalog search box.
    4. Click the
      Palo Alto Networks VM-Series Firewall - BYOL
  2. Configure your workspace.
    1. Enter the Deployment Name (this name is displayed in the Deployment Manager). The name must be unique and cannot conflict with any other deployment in the project.
    2. Select a Resource group. For instructions to create a resource group, see Creating a Resource Group.
    3. Enter relevant Tags. Tags help you in identifying your deployment.
  3. Specify the values for following parameters:
    Sample Value
    VM-Series image to be installed.
    pa-vm-kvm-9-1-3-1 or pa-vm-kvm-10-0-6
    VPC region that you want your VPC virtual servers to be provisioned.
    The name of your public SSH key to be used for VSI. For information on creating an SSH key, see Public SSH Key.
    The ID of the subnet (management) which will be associated with the first interface of the VNF instance. Click the subnet details in the VPC Subnet Listing to determine this value.
    The ID of the subnet (data-plane) which will be associated with the second interface of the VNF instance. Click the subnet details in the VPC Subnet Listing to determine this value.
    Name of the VNF instance to be provisioned (lower-case).
    The profile of compute CPU and memory resources to be used when provisioning the vnf instance. For more information, see Instance Profiles.
    The name of the security group to which the VNF Instance's first interface(management) belongs to.
  4. Installing the terraform template.
    1. Click
    2. Navigate to
      IBM cloud
      and choose your workspace to view and edit details related to your workspace.
  5. Accessing the management interface of the VM Series Firewall.
    1. Navigate to
      IBM cloud
      VPC Infrastructure
      Floating IPs
      and copy the Floating IP of your VPC instance on which you have deployed the VM Series Firewall.
    2. Open a browser and enter the IP address in the URL region of the browser prefixing it with https(for example, The VM Series Firewall management interface login screen appears. If you are using a VPN connection, you may have to terminate the connection before connecting to the VM-Series console (URL).
    3. Login to the interface using the following credentials:
      Username: admin
      Password: admin
      You will be prompted to change your password on your first login. You will be able to access the interface only after logging in with the changed password.

Recommended For You