Learn about the VM-Series Auto Scale Template for AWS
Version 2.0.
To help you manage increased application scale, version
2.0 of the auto scaling VM-Series firewall template provides a hub
and spoke architecture that simplifies deployment. This version
of the solution provides two templates that support single-VPC and
multi-VPC deployments, both within a single AWS account and across
AWS accounts.
Firewall Template—The firewall template deploys
an application load balancer and VM-Series firewalls within auto
scaling groups across two Availability Zones (AZs). This internet-facing
application load balancer distributes traffic that enters the VPC
across the pool of VM-Series firewalls. The VM-Series firewalls automatically
publish custom PAN-OS metrics that enable auto scaling.
Palo Alto Networks officially supports the firewall template, and with
a valid support entitlement, you can request assistance from Palo
Alto Networks Technical Support.
The following application template deploys the network load balancer
(NLB) depicted in the preceding image.
Application Template—The application template deploys
a network load balancer and one auto scaling group with a web server
in each AZ.
The application template is community supported.
This template is provided as an example to help you get started
with a basic web application. For a production environment, either
use your own application template or customize this template to
meet your requirements.
Together these templates allow you to deploy a load balancer
sandwich topology with an internet-facing application load balancer
and an internal network load balancer. The application load balancer
is accessible from the internet and distributes traffic that enters
the VPC across a pool of VM-Series firewalls. The firewalls then
route traffic using NAT policy to the internal network load balancer(s),
which distributes traffic to an auto scaling tier of web or application
servers. The VM-Series firewalls are enabled to publish custom PAN-OS
metrics to AWS CloudWatch where you can monitor the health and resource
load on the VM-Series firewalls and then use that information to
trigger a scale-in or scale-out event in the respective auto scaling
group of firewalls.
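The following check is an added example, not part of the Palo Alto Networks templates. It audits a load balancer inventory against the sandwich topology described above: the application load balancer must be internet-facing, every network load balancer must be internal, and each should span two AZs. The input is a constructed sample in the shape of `aws elbv2 describe-load-balancers` output; the load balancer names, the zones and the `audit_sandwich` function are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `aws elbv2 describe-load-balancers` output.
# Load balancer names and zones are made up for illustration.
SAMPLE = json.loads("""
{"LoadBalancers": [
  {"LoadBalancerName": "fw-public-alb", "Type": "application", "Scheme": "internet-facing",
   "AvailabilityZones": [{"ZoneName": "us-east-1a"}, {"ZoneName": "us-east-1b"}]},
  {"LoadBalancerName": "app-nlb", "Type": "network", "Scheme": "internet-facing",
   "AvailabilityZones": [{"ZoneName": "us-east-1a"}, {"ZoneName": "us-east-1b"}]},
  {"LoadBalancerName": "app2-nlb", "Type": "network", "Scheme": "internal",
   "AvailabilityZones": [{"ZoneName": "us-east-1a"}]}
]}
""")

# Expected scheme per load balancer type in the sandwich topology.
EXPECTED_SCHEME = {"application": "internet-facing", "network": "internal"}
# The firewall template spans two AZs; assumed here for the internal NLB as well.
MIN_AZS = 2


def audit_sandwich(doc):
    """Return a sorted list of (load_balancer_name, finding) tuples."""
    findings = []
    lbs = doc.get("LoadBalancers", [])
    for lb in lbs:
        name, lb_type = lb.get("LoadBalancerName", "?"), lb.get("Type")
        want = EXPECTED_SCHEME.get(lb_type)
        if want is None:
            findings.append((name, f"unexpected load balancer type {lb_type!r}"))
            continue
        # An internet-facing NLB would let traffic reach servers without crossing the firewalls.
        if lb.get("Scheme") != want:
            findings.append((name, f"{lb_type} LB is {lb.get('Scheme')}, expected {want}"))
        zones = {az.get("ZoneName") for az in lb.get("AvailabilityZones", [])}
        if len(zones) < MIN_AZS:
            findings.append((name, f"spans {len(zones)} AZ(s), expected at least {MIN_AZS}"))
    # Both layers of the sandwich must exist.
    present = {lb.get("Type") for lb in lbs}
    for lb_type in EXPECTED_SCHEME:
        if lb_type not in present:
            findings.append(("-", f"no {lb_type} load balancer found"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_sandwich(SAMPLE):
        print(f"{name}: {finding}")
```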