Launch a VM-Series firewall on AWS from the AWS Marketplace using the
bootstrap files provided in the GitHub repository, modify the firewall
configuration for your production environment, and export the
configuration to create a new bootstrap.xml file that you can use for
the VM-Series Auto Scaling template.

Add an elastic network interface (ENI) and associate
an elastic IP address (EIP) to it, so that you can access the web
interface on the VM-Series firewall. See Launch
the VM-Series Firewall on AWS for details.

Use the EIP address to log in to the firewall web interface
with admin as the username and password.

Add a secure password for the admin user account (Local User Database).

Configure the firewall for securing your production environment.

to verify the firewall
has the NAT policy rule required for the VM-Series Auto Scaling
template. The NAT policy rule is included in the bootstrap.xml file,
and is required to avoid blackholing traffic. The NAT policy rule
routes traffic to the internal ELB and ensures symmetric return
of the traffic from the web servers.

the changes on the firewall.

Generate a new API key for
the administrator account. Copy this new key to a new file. You
will need to enter this API key when you launch the VM-Series Auto
Scaling template; the AWS services use the API key to deploy the
firewall and to publish metrics for auto scaling.

Export the configuration file and save it as
Export Named Configuration

Open the bootstrap.xml file with a text editing tool
and delete the management interface configuration.
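
An added example, not code from the original page or from Palo Alto Networks: a Python check to run on the edited bootstrap.xml before it is used with the template. The XML paths, the element names treated as management interface configuration, the source and destination translation test for the NAT rule, and the sample file are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed PAN-OS config paths and element names (not given on this page).
SYSTEM = "./devices/entry/deviceconfig/system"
NAT_RULES = "./devices/entry/vsys/entry/rulebase/nat/rules/entry"
MGMT_TAGS = ("ip-address", "netmask", "default-gateway")

def strip_mgmt(root):
    """Remove static management-interface addressing; return the tags removed."""
    removed = []
    for system in root.findall(SYSTEM):
        for tag in MGMT_TAGS:
            for el in system.findall(tag):  # findall returns a list, safe to mutate
                system.remove(el)
                removed.append(tag)
    return removed

def audit(root):
    """Return a list of findings; an empty list means both checks pass."""
    findings = [f"management setting still present: <{t}>"
                for s in root.findall(SYSTEM) for t in MGMT_TAGS
                if s.find(t) is not None]
    # Assumption: the required rule translates both destination (to the
    # internal ELB) and source (for symmetric return traffic).
    nat_ok = any(r.find("source-translation") is not None
                 and r.find("destination-translation") is not None
                 for r in root.findall(NAT_RULES))
    if not nat_ok:
        findings.append("no NAT rule with source and destination translation")
    return findings

# Constructed sample, trimmed to the elements the checks read.
SAMPLE = """<config><devices><entry name="localhost.localdomain">
  <deviceconfig><system>
    <hostname>vm-series</hostname>
    <ip-address>192.0.2.10</ip-address>
    <netmask>255.255.255.0</netmask>
    <default-gateway>192.0.2.1</default-gateway>
  </system></deviceconfig>
  <vsys><entry name="vsys1"><rulebase><nat><rules>
    <entry name="to-internal-elb"><source-translation/><destination-translation/></entry>
  </rules></nat></rulebase></entry></vsys>
</entry></devices></config>"""

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    print("before:", audit(root))
    print("removed:", strip_mgmt(root))
    print("after:", audit(root))
```
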

Required if you exported a PAN-OS 8.0 configuration:
Ensure that the setting to validate the Palo Alto Networks servers
is disabled. Look for