Change Scaling Parameters and CloudWatch Metrics (v2.1)

This task describes how to use PAN-OS metrics as scaling parameters to trigger autoscale actions.
This task describes how to use custom PAN-OS metrics as scaling parameters to trigger auto scale actions.
When you launch the firewall template, the template creates a namespace with scale-in and scale-out policies that you can use to define auto scaling actions. The policy names include the namespace, as shown below:
  • <Custom Namespace>-scalein - Remove 1 instance
  • <Custom Namespace>-scaleout - Add 1 instance
Each PAN-OS metric has a default notification that you can delete and replace with auto scale actions. For each metric, create two actions: one that determines when to add a VM-Series firewall, and another that determines when to remove a VM-Series firewall.
  1. In AWS, select
    Services
    CloudWatch
    Metrics
    .
  2. Choose a
    Custom Namespace
    link, and select the metrics link to view the custom PAN-OS metrics.
    aws-as-all-metrics.png
  3. Check a box to select a metric, then select the
    Graphed metrics
    tab.
    1. In the
      Statistics
      column, choose a statistic criteria (such as average, minimum and maximum) and choose a time period.
    2. In the
      Actions
      column select the bell (Create alarm).
  4. Define an alarm that removes a firewall when CPU utilization meets or falls below the criteria you set, over the time frame you set.
    1. Select
      Edit
      to change the graph title.
    2. Under
      Alarm details
      fill in the
      Name
      and
      Description
      , choose an operator, and set the minimum value to maintain the current instances. If the minimum value is not maintained, an instance is removed.
    3. Under
      Actions
      ,
      delete
      the default notification.
    4. Select
      +AutoScaling Action
      .
      • Use the
        From the
        list to select your namespace.
      • From
        Take this action
        , select the policy to remove an instance.
        aws-as-actions.png
    5. Select
      Create Alarm
      .
  5. Create a second alarm that adds a firewall when CPU utilization meets or exceeds the criteria you set.
  6. To view your alarms, select
    Services
    CloudWatch
    Alarms
    .
    aws-as-alarms.png
    To edit an alarm from this window, check the box next to the alarm and select
    Action
    Edit
    .

Recommended For You