Learn about the VM-Series Auto Scale Template for AWS
To help you manage increased application scale, version
2.0 of the auto scaling VM-Series firewall template provides a hub
and spoke architecture that simplifies deployment. This version
of the solution provides two templates that support a single and
multi-VPC deployment both within a single AWS account and across
—The firewall template deploys
an application load balancer and VM-Series firewalls within auto
scaling groups across two Availability Zones (AZs). This internet-facing
application load balancer distributes traffic that enters the VPC
across the pool of VM-Series firewalls. The VM-Series firewalls automatically
publish custom PAN-OS metrics that enable auto scaling.
Alto Networks officially supports the firewall template, and with
a valid support entitlement, you can request assistance from Palo
Alto Networks Technical Support.
following application template deploys the network load balancer
(NLB) depicted in the preceding image.
—The application template deploys
a network load balancer and one auto scaling group with a web server
in each AZ.
The application template is community supported.
This template is provided as an example to help you get started
with a basic web application. For a production environment, either
use your own application template or customize this template to
meet your requirements.
Together these templates allow you to deploy a load balancer
sandwich topology with an internet-facing application load balancer
and an internal network load balancer. The application load balancer
is accessible from the internet and distributes traffic that enters
the VPC across a pool of VM-Series firewalls. The firewalls then
route traffic using NAT policy to the internal network load balancer(s),
which distributes traffic to an auto scaling tier of web or application
servers. The VM-Series firewalls are enabled to publish custom PAN-OS
metrics to AWS CloudWatch where you can monitor the health and resource
load on the VM-Series firewalls and then use that information to
trigger a scale in or scale out event in the respective auto scaling
group of firewalls.