Bootstrap process to automate VM-Series firewall deployments.
Previously, you had to manually include information such as DNS entries and IP
addresses in the init.cfg file when creating a firewall image for
your cloud environments. This release adds support for a bootstrapping process that
allows you to configure newly deployed firewalls without manually configuring them
prior to deployment. This new process associates the firewall with a Panorama
managed host to automate the onboarding and configuration of your software firewall.
With this functionality, the bootstrapping process:
- Automatically instantiates, onboards, and configures the firewall instance
without prior knowledge of the firewall serial number.
- Automatically onboards the Strata Cloud Manager tenant, which receives the
initial configuration and becomes fully operational without manual
intervention.
The bootstrapping process requires specific fields to function. For instance, the
panorama-server field specifies the management connection. Setting the value to
cloud initiates a TLS connection to the Strata Cloud Manager service edge, while
any other value is interpreted as a Panorama IP address or FQDN for a direct
Panorama management connection. The value defined for panorama-server-2 is ignored
when panorama-server=cloud.
You also need to define the Cloud Management folder using the dgname
field, which maps the firewall. The
vm-series-auto-registration-pin-id and
vm-series-auto-registration-pin-value fields automate firewall
instance instantiation by establishing the connection to the Strata Cloud Manager
service edge. These PIN ID and PIN value fields are used to request a Thermite
certificate, which authenticates the device and builds a secure connection to the
cloud service, such as Strata Cloud Manager.
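
The following pre-deployment check for init.cfg is an added example, not code from the vendor or from the original page. It applies the field rules described above and masks the PIN value before anything is logged. Treating dgname and both PIN fields as mandatory in cloud mode, the mode labels, and the sample values are assumptions.

```python
# Added example (not vendor code). Field names are from the page; treating
# dgname and both PIN fields as mandatory in cloud mode is an assumption.
CLOUD_REQUIRED = ("dgname", "vm-series-auto-registration-pin-id",
                  "vm-series-auto-registration-pin-value")
SECRET_FIELDS = {"vm-series-auto-registration-pin-value"}

def parse_init_cfg(text):
    """Parse key=value lines; blank lines and lines without '=' are skipped."""
    fields = {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def lint_bootstrap(fields):
    """Return (mode, findings); mode is 'cloud', 'panorama' or 'none'."""
    server = fields.get("panorama-server", "")
    if not server:
        return "none", ["panorama-server is missing or empty"]
    if server != "cloud":
        # Any other value is read as a Panorama IP address or FQDN.
        return "panorama", []
    findings = [f"{name} is required when panorama-server=cloud"
                for name in CLOUD_REQUIRED if not fields.get(name)]
    if fields.get("panorama-server-2"):
        findings.append("panorama-server-2 is ignored when panorama-server=cloud")
    return "cloud", findings

def redact(fields):
    """Copy of the fields that is safe to log: secret values are masked."""
    return {k: "<redacted>" if k in SECRET_FIELDS and v else v
            for k, v in fields.items()}

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
type=dhcp-client
panorama-server=cloud
panorama-server-2=192.0.2.12
dgname=
vm-series-auto-registration-pin-id=EXAMPLE-PIN-ID
vm-series-auto-registration-pin-value=EXAMPLE-PIN-VALUE
"""

if __name__ == "__main__":
    parsed = parse_init_cfg(SAMPLE)
    mode, findings = lint_bootstrap(parsed)
    print(mode, redact(parsed))
    for finding in findings:
        print("finding:", finding)
```

Because the PIN ID and PIN value are what the firewall presents to obtain its device certificate, keep the real init.cfg out of build logs and version control, and log only the redacted copy.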