1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up the VM-Series Firewall on AWS
    5. Auto Scaling VM-Series Firewalls with the Amazon ELB Service
    6. VM-Series Auto Scaling Templates for AWS Version 2.0
    7. Customize the Firewall Template Before Launch (v2.0 and v2.1)

    Customize the Firewall Template Before Launch (v2.0 and v2.1)

    Lists the settings you can modify before you launch the template
    To simplify the deployment workflow, the firewall displays a limited set of parameters for which you need to provide inputs when launching the template. If you would like to view and customize other options included in the template, you can use a text editing tool such as Notepad or Visual Studio Code to specify values that you prefer before you launch the VM-Series Auto Scaling template for AWS v2.0 or 2.1.
    Use the following table to view the list of parameters that you are allowed to customize for your deployment of the auto scaling firewall template for AWS. Modifying parameters from this list is within the official support policy of Palo Alto Networks through the support options that you've purchased.
    Parameter
    Description
    Default Value
    CIDR Block for the VPC
    The IP address space that you want to use for the VPC.
    The subnets you modify below must belong to this VPC CIDR block and be unique.
    192.168.0.0/16
    Management Subnet CIDR Block
    Comma-delimited list of CIDR blocks for the management subnet of the firewalls.
    192.168.0.0/24, 192.168.10.0/24
    Untrust Subnet CIDR Block
    Comma-delimited list of CIDR blocks for the Untrust subnet.
    192.168.1.0/24, 192.168.11.0/24
    Trust Subnet CIDR Block
    Comma-delimited list of CIDR blocks for the Trust subnet.
    192.168.2.0/24, 192.168.12.0/24
    NAT Gateway Subnet CIDR Block
    Comma-delimited list of CIDR blocks for the AWS NAT Gateway.
    192.168.100.0/24, 192.168.101.0/24
    Lambda Subnet CIDR Block
    Comma-delimited list of CIDR blocks for the Lambda functions.
    192.168.200.0/24, 192.168.201.0/24
    Firewall Instance size
    AWS Instance Types and size that you want for the VM-Series firewalls in your deployment.
    M4.xlarge
    Choose your Scaling Parameter
    You do not need to modify the template for the scaling parameter. You can set AWS CloudWatch alarms on the AWS console for one or more custom PAN-OS metrics on which you want to trigger autoscaling.
    The template publishes all the following metrics to AWS CloudWatch:
    • CPU—DataPlane CPU Utilization
    • AS—Active Sessions
    • SU—Session Utilization
    • SSPU—SSL Proxy Utilization
    • GPU—GlobalProtect Gateway Utilization
    • GPAT—GlobalProtect Gateway Utilization ActiveTunnels
    • DPB—Dataplane Packet Buffer Utilization
    Dataplane CPU Utilization
    Choose time in seconds for Scaling Period
    The period in seconds over which the average statistic is applied. Must be a multiple of 60.
    900
    Maximum VM-Series Instances
    Maximum number of VM-Series firewalls in the auto scaling group.
    3
    Minimum VM-Series Instances
    Minimum number of VM-Series firewalls in the auto scaling group.
    1
    ScaleDown threshold value in percentage/value
    Value at which a scale in event is triggered.
    20
    ScaleUp threshold value in percentage/value
    Value at which scale out event is triggered.
    80

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2020 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo