VM-Series Auto Scale Template for AWS Version 2.0

Learn about the VM-Series Auto Scale Template for AWS Version 2.0.
To help you manage increased application scale, version 2.0 of the auto scaling VM-Series firewall template provides a hub and spoke architecture that simplifies deployment. This version of the solution provides two templates that support single-VPC and multi-VPC deployments, both within a single AWS account and across AWS accounts.
  • Firewall Template—The firewall template deploys an application load balancer and VM-Series firewalls within auto scaling groups across two Availability Zones (AZs). This internet-facing application load balancer distributes traffic that enters the VPC across the pool of VM-Series firewalls. The VM-Series firewalls automatically publish custom PAN-OS metrics that enable auto scaling.
    Palo Alto Networks officially supports the firewall template, and with a valid support entitlement, you can request assistance from Palo Alto Networks Technical Support.
    [Figure: cft_2.0_alb_template.png]
    The following application template deploys the network load balancer (NLB) depicted in the preceding image.
  • Application Template—The application template deploys a network load balancer and one auto scaling group with a web server in each AZ.
    The application template is community supported. This template is provided as an example to help you get started with a basic web application. For a production environment, either use your own application template or customize this template to meet your requirements.
Together, these templates allow you to deploy a load balancer sandwich topology with an internet-facing application load balancer and an internal network load balancer. The application load balancer is accessible from the internet and distributes traffic that enters the VPC across a pool of VM-Series firewalls. The firewalls then use NAT policy to route traffic to the internal network load balancer(s), which distribute traffic to an auto scaling tier of web or application servers. The VM-Series firewalls are enabled to publish custom PAN-OS metrics to AWS CloudWatch, where you can monitor the health and resource load of the firewalls and then use that information to trigger a scale-in or scale-out event in the respective auto scaling group of firewalls.
[Figure: cft_2.0_multi-app_multi-vpc_multi-acc.png]
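
The metric-driven scaling described above can be modeled in a few lines. This is an added example, not code from the Palo Alto Networks templates: it is a simplified model of alarm evaluation, and the thresholds, evaluation periods, cooldown, group sizes and sample datapoints are all assumptions chosen for illustration.

```python
"""Added illustration: a simplified model of how an alarm on a firewall
metric drives scale-out / scale-in of an auto scaling group. All names,
thresholds and sample values are assumptions, not template defaults."""
from dataclasses import dataclass


@dataclass
class ScalingRule:
    scale_out_above: float = 80.0  # assumed upper threshold (percent)
    scale_in_below: float = 20.0   # assumed lower threshold (percent)
    evaluation_periods: int = 3    # consecutive breaching datapoints required
    cooldown_periods: int = 2      # datapoints skipped after a scaling action
    min_size: int = 2              # assumed floor: one firewall per AZ
    max_size: int = 6              # assumed ceiling for the firewall group


def simulate(datapoints, rule, start_size=2):
    """Return [(period_index, action, new_size)] for a series of
    per-period metric averages across the firewall group."""
    size, cooldown, events = start_size, 0, []
    high = low = 0
    for i, value in enumerate(datapoints):
        # Breach streaks keep counting during cooldown; actions do not fire.
        high = high + 1 if value > rule.scale_out_above else 0
        low = low + 1 if value < rule.scale_in_below else 0
        if cooldown > 0:
            cooldown -= 1
            continue
        if high >= rule.evaluation_periods and size < rule.max_size:
            size += 1
            events.append((i, "scale-out", size))
        elif low >= rule.evaluation_periods and size > rule.min_size:
            size -= 1
            events.append((i, "scale-in", size))
        else:
            continue
        # After an action, reset streaks and start the cooldown window.
        high = low = 0
        cooldown = rule.cooldown_periods
    return events


# Constructed sample: a load ramp followed by a quiet period.
SAMPLE = [35, 85, 90, 88, 92, 95, 91, 60, 15, 12, 10, 9, 8, 11, 14]

if __name__ == "__main__":
    for event in simulate(SAMPLE, ScalingRule()):
        print(event)
```

Requiring several consecutive breaching datapoints, plus a cooldown, keeps a short traffic spike from adding or removing firewalls, and the size floor keeps the inspection tier from scaling in below one firewall per AZ.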
