Launch the Application Template (v2.1)

Learn how to launch the application templates.
The application templates allow you to complete the sandwich topology and are provided so that you can evaluate the auto scaling solution. This application template deploys either an application or network load balancer and a pair of web servers behind the auto scaling group of VM-Series firewalls, which you deployed using the firewall template.
Use this template to evaluate the solution but customize your own template to deploy to production. For a custom template, make sure to enable SQS messaging between the Application template and the Firewall template.
When launching the application template, you must select the template based on whether you want to deploy the application template within the same VPC in which you deployed the firewall template or in a separate VPC. See Enable Traffic to the ELB Service (v2.0 and v2.1).
  1. Create an S3 bucket from which you will launch the application template.
    • If this is a cross-account deployment, create a new bucket.
    • If there is one account you can create a new bucket or use the S3 bucket you created earlier (you can use one bucket for everything).
  2. Upload the ilb.zip file into the S3 bucket.
    aws-as-app-s3.png
  3. Select the application launch template you want you launch.
    1. In the AWS Management Console, select CloudFormationCreateStack
    2. Select Upload a template to Amazon S3, to choose the application template to deploy the resources that the template launches within the same VPC as the firewalls, or to a different VPC. Click Open and Next.
    3. Specify the Stack name. The stack name allows you to uniquely identify all the resources that are deployed using this template.
  4. Configure the parameters for the VPC and network load balancer.
    1. Select the two Availability Zones that your setup will span in Select list of AZ. If you are deploying within the same VPC make sure to select the same Availability Zones that you selected for the firewall template.
    2. If deploying to a new VPC enter a CIDR Block for the VPC. The default CIDR is 192.168.0.0/16.
    3. If deploying to the same VPC you will select the previous VPC and use the Trust subnets.
      aws-as-app-vpc-param.png
  5. Select the load balancer type.
    aws-as-app-lb.png
  6. Configure the parameters for Lambda.
    1. Enter the S3 bucket name where ilb.zip is stored.
    2. Enter the name of the zip file name.
    3. Paste the SQS URL that you copied earlier.
    aws-as-app-lambda-param.png
  7. Modify the web server EC2 instance type to meet your needs.
    aws-as-app-webserver-instance.png
  8. Select the EC2 Key pair (from the drop-down) for launching the web servers. To log in to the web servers, you must provide the key pair name and the private key associated with it.
  9. Select the IP address of the network you will be accessing the servers from for management access only. Web traffic comes through the ELBDNS name you copied when you launched the firewall template.
    aws-as-app-web-access.png
  10. Review the template settings and launch the template.
  11. After completion of the application template it can take up to 20 minutes for the web pages to become active.
    1. Verify that the application template load balancer is marked active.
      aws-as-app-lb.png
    2. Verify that Panorama has a NAT object in the device group.
      aws-as-app-dg-nat.png
    3. Verify that Panorama has an address object in the device group.
      aws-as-app-dg-addr.png
    4. Verify that Panorama has static routes in the template stack.
      aws-as-app-stack-route.png
  12. Get the DNS name you saved earlier for the application load balancer and enter it into a web browser.
  13. Upon successful launch your browser should look like this output.
    aws-as-app-congrats.png

Related Documentation