We strive to solve customer problems in an innovative manner that doesn't slow business productivity. The core features of our next-generation firewall solved the inadequacies of port-based filtering. WildFire and AutoFocus delivered on the promise of a global threat intelligence cloud, preventing unknown threats and helping customers act on the intelligence gathered to protect their networks more effectively.
Now comes a new feature set for our VM-Series on Amazon Web Services (AWS) that natively integrates with AWS Auto Scaling and Elastic Load Balancing (ELB), allowing the VM-Series on AWS to scale dynamically, yet independently of fluctuating AWS workloads. Auto Scaling the VM-Series on AWS leverages two load balancers, effectively creating a load balancer sandwich that enables VM-Series firewalls to scale independently of AWS workloads, based on metrics.
Palo Alto Networks worked with the AWS team to design a solution that uses native AWS services and standard VM-Series (PAN-OS) automation features to dynamically, yet independently, scale the VM-Series on AWS as protected workload demands fluctuate. Here’s a bit more detail on the solution components and how they are used:
How It Works
The AWS CloudFormation Template deploys an initial VM-Series firewall Auto Scaling Group using a bootstrapped image stored in AWS S3. The VM-Series bootstrapped image can also automatically attach the VM-Series firewall to Panorama if it has been deployed.
As traffic hitting your web server increases, CloudWatch monitors it and initiates alarms based on user-defined metrics, which ultimately leads to the addition of a new web server. As the web server traffic increases, so too does the VM-Series traffic, which is where Lambda comes into play. Lambda collects VM-Series metrics via the XML API and feeds them to CloudWatch as custom metrics, triggering a VM-Series scale-out event using the bootstrapped VM-Series firewall image. As traffic to the web server winds down, a scale-in event is triggered based on defined CloudWatch metrics, and the VM-Series is removed.
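The metric hand-off described above, sketched as an added example (not the code shipped with the VM-Series templates): it parses an XML API reply, rejects failed or implausible polls, and shapes the result for CloudWatch PutMetricData. The reply layout, field names, namespace and metric names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an XML API reply carrying session counters
# (assumed layout and field names; the values are made up).
SAMPLE_REPLY = """<response status="success"><result>
  <num-max>250000</num-max><num-active>187500</num-active>
</result></response>"""

NAMESPACE = "Example/VMSeries"  # hypothetical custom-metric namespace


def parse_session_info(xml_text):
    """Return the session counters, or raise ValueError if the reply is unusable."""
    root = ET.fromstring(xml_text)
    if root.tag != "response" or root.get("status") != "success":
        raise ValueError("firewall API call did not succeed")
    values = {}
    for name in ("num-max", "num-active"):
        text = root.findtext(f"result/{name}")
        if text is None or not text.strip().isdigit():
            raise ValueError(f"missing or non-numeric <{name}>")
        values[name] = int(text)
    if values["num-max"] == 0 or values["num-active"] > values["num-max"]:
        raise ValueError("implausible session counters")
    return values


def build_metric_data(values, group_name):
    """Shape the counters as the MetricData list that PutMetricData accepts."""
    dims = [{"Name": "AutoScalingGroupName", "Value": group_name}]
    pct = 100.0 * values["num-active"] / values["num-max"]
    return [
        {"MetricName": "ActiveSessions", "Dimensions": dims,
         "Value": float(values["num-active"]), "Unit": "Count"},
        {"MetricName": "SessionUtilization", "Dimensions": dims,
         "Value": round(pct, 2), "Unit": "Percent"},
    ]


def publish(xml_text, group_name, cloudwatch=None):
    """Parse, then publish. A bad poll raises before anything is sent, so an
    unreachable firewall is never reported as idle (which would drive scale-in)."""
    data = build_metric_data(parse_session_info(xml_text), group_name)
    if cloudwatch is not None:  # e.g. boto3.client("cloudwatch") inside Lambda
        cloudwatch.put_metric_data(Namespace=NAMESPACE, MetricData=data)
    return data
```

Pair the scale-in alarm with a missing-data policy that does not treat gaps as low load, so a firewall that stops answering the poll is not mistaken for spare capacity.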
The Auto Scaling the VM-Series on AWS feature set is production ready, meaning if you use the scripts and templates as they are designed and run into a challenge, you can call the support team for assistance.
Auto Scaling the VM-Series on AWS uses AWS Marketplace Bundle 1 or Bundle 2, in either an annual or an hourly subscription. BYOL is not supported for Auto Scaling the VM-Series on AWS.