Launch a new VM-Series firewall in AWS without using the bootstrap files, add a NAT policy rule to ensure that the VM-Series firewall handles traffic properly, and export the configuration to create a new bootstrap.xml file for the CFT.
Option 2: Customize the Bootstrap.xml File
Deploy the VM-Series Firewall in AWS (no bootstrapping required) and use the public IP address to SSH into the Command Line Interface (CLI) of the VM-Series firewall. You will need to configure a new administrative password for the firewall.
Log in to the firewall web interface.
(Optional) Configure the firewall. You can configure the dataplane interfaces, zones and policy rules.
Commit the changes on the firewall.
Export the configuration file and name it as bootstrap.xml (Device > Setup > Operation > Export Named Configuration Snapshot).
Download the bootstrap.xml file from the GitHub repository, open it with a text editing tool, and copy lines 406 to 435 and 445 to 454. These lines define the NAT policy rule and the address object required for the CFT. If you want to copy and paste the NAT policy rule and address objects, see NAT Policy Rule and Address Objects in the Auto Scaling Template.
Use a text editing tool to open the configuration file you exported earlier.
Search for </security> and paste the lines 406 to 435 after </security>.
Search for </import> and paste the lines 445 to 454 after </import>.
Delete the management interface configuration.
Search for </service> and delete the ip-address, netmask and default gateway that follow.
Search for </type> and delete the ip-address, netmask, default gateway, and public-key that follow.
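The manual edits above can be scripted so the result is checked for well-formed XML before it is used with the CFT. The following is an added example, not code from Palo Alto Networks or the template repository; the function names are hypothetical, and the element names `ip-address`, `netmask`, `default-gateway` and `public-key` are assumed from the wording of the steps.

```python
import re
import xml.etree.ElementTree as ET

# Element names assumed from the step text ("default gateway" -> default-gateway).
MGMT_TAGS = ("ip-address", "netmask", "default-gateway", "public-key")

def take_lines(text, first, last):
    """Return lines first..last of text (1-indexed, inclusive)."""
    return "\n".join(text.splitlines()[first - 1:last])

def insert_after(config, marker, block):
    """Paste block on its own line after the first occurrence of marker."""
    idx = config.find(marker)
    if idx < 0:
        raise ValueError(f"{marker} not found in exported configuration")
    end = idx + len(marker)
    return config[:end] + "\n" + block + config[end:]

def strip_after(config, marker, tags=MGMT_TAGS):
    """Delete the run of management elements that directly follows marker.

    Leaves config unchanged when no such run exists.
    """
    names = "|".join(map(re.escape, tags))
    run = re.compile(r"(%s)(?:\s*<(%s)>[^<]*</\2>)+" % (re.escape(marker), names))
    return run.sub(r"\1", config, count=1)

def build_bootstrap(exported, template, nat=(406, 435), addr=(445, 454)):
    """Apply the edit steps above and return the new bootstrap.xml text."""
    out = insert_after(exported, "</security>", take_lines(template, *nat))
    out = insert_after(out, "</import>", take_lines(template, *addr))
    for marker in ("</service>", "</type>"):
        out = strip_after(out, marker)
    ET.fromstring(out)  # ParseError here means a paste broke the XML
    return out

if __name__ == "__main__":
    import sys
    # Arguments: exported config, template bootstrap.xml, output file.
    exported_path, template_path, out_path = sys.argv[1:4]
    with open(exported_path) as e, open(template_path) as t:
        result = build_bootstrap(e.read(), t.read())
    with open(out_path, "w") as o:
        o.write(result)
```

Diff the output against the exported file to confirm that only the two pasted blocks and the management settings changed.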