VM-Series Auto Scaling Templates for AWS Version 2.0
Learn about the VM-Series Auto Scaling template for AWS
To help you manage increased application scaling, version
2.0 of the auto scaling VM-Series firewall template provides a hub
and spoke architecture that simplifies deployment. This version
of the solution provides two templates that support a single and
multiple-VPC deployment both within a single AWS account and across multiple
—The firewall template deploys
an application load balancer (ALB) and VM-Series firewalls within
auto scaling groups across two Availability Zones (AZs). This internet-facing
ALB distributes traffic that enters the VPC across a pool of VM-Series
firewalls. The VM-Series firewalls automatically publish custom
PAN-OS metrics that enable auto scaling.
Palo Alto Networks
officially supports the firewall template and, with a valid support
entitlement, you can request assistance from Palo Alto Networks
following application template deploys the network load balancer
depicted in the preceding image.
—The application template deploys
a network load balancer (NLB) and one auto scaling group (ASG) with
a web server in each AZ.
The application template is community
supported. This template is provided as an example to help you get
started with a basic web application. For a production environment,
either use your own application template or customize this template
to meet your requirements.
These templates allow you to deploy a load balancer sandwich
topology with an internet-facing ALB and an internal NLB. The ALB
is accessible from the internet and distributes traffic that enters
the VPC across a pool of VM-Series firewalls. The firewalls then
route traffic using NAT policy to NLBs, which distributes traffic
to an auto scaling tier of web or application servers. The VM-Series
firewalls are enabled to publish custom PAN-OS metrics to AWS CloudWatch
where you can monitor the health and resource load on the VM-Series
firewalls and then use that information to trigger auto scaling
events in the appropriate ASGs on firewalls.