Use the GitHub Bootstrap Files as Seed

AWS Auto Scale Version 2.0 bootstrap process.
Launch a VM-Series firewall on AWS from the AWS Marketplace using the bootstrap files provided in the GitHub repository, modify the firewall configuration for your production environment. Then, export the configuration to create a new bootstrap.xml file that you can now use for the VM-Series Auto Scaling template.
  1. To launch the firewall see Bootstrap the VM-Series Firewall on AWS.
  2. Add an elastic network interface (ENI) and associate an elastic IP address (EIP) to it, so that you can access the web interface on the VM-Series firewall. See Launch the VM-Series Firewall on AWS for details.
  3. Use the EIP address to log in to the firewall web interface with admin as the username and password.
  4. Add a secure password for the admin user account (DeviceLocal User DatabaseUsers).
  5. (Optional) Configure the firewall for securing your production environment.
  6. Commit the changes on the firewall.
  7. Generate a new API key for the administrator account. Copy this new key to a new file. You will need to enter this API key when you launch the VM-Series Auto Scaling template; the AWS services use the API key to deploy the firewall and to publish metrics for auto scaling.
  8. Export the configuration file and save it as bootstrap.xml. (DeviceSetupOperationExport Named Configuration Snapshot).
  9. Open the bootstrap.xml file with a text editing tool and delete the management interface configuration.
    cft_2.0_bootstrap_mgmt_ip.png
  10. (Required if you exported a PAN-OS 8.0 configuration) Ensure that the setting to validate the Palo Alto Networks servers is disabled. Look for <server-verification>no</server-verification>.
  11. If the check is yes, change it to no.
  12. Save the file. You can now proceed with Launch the VM-Series Auto Scaling Template for AWS (v2.0).

Related Documentation