Auto Scale VM-Series Firewalls with the Amazon ELB
Palo Alto Networks delivers CloudFormation Templates for deploying an auto-scaling tier of VM-Series firewalls using several AWS services such as Lambda, auto scaling groups, Elastic Load Balancing (ELB), S3, SNS, and CloudWatch, and the VM-Series automation capabilities including the PAN-OS API and bootstrapping. The templates (latest is vpc-classic-v1.2.template and vpc-alb-v1.2.template) allow you to leverage the AWS scalability features designed to manage sudden surges in demand for application workload resources by simultaneously scaling the VM-Series firewalls with changing workloads.
The templates deploy the VM-Series in an ELB sandwich topology with an internet-facing classic ELB and an either an internal classic load balancer or an internal application load balancer (internal ELB). The internet-facing ELB is accessible from the internet and distributes traffic that enters the VPC across a pool of VM-Series firewalls. The firewalls then redirect traffic using NAT policy to the internal ELB. The internal ELB, which is only accessible inside the VPC, distributes traffic to an auto scaling tier of web servers. The API integration with AWS CloudWatch allows the CloudWatch service to monitor the health and resource load on the EC2 instances—VM-Series firewalls and web servers—and then use that information to trigger a scale in or scale out event in the respective Auto Scaling Group (ASG).
- What Components Does the VM-Series Auto Scaling Template for AWS Deploy?
- How Does the VM-Series Auto Scaling Template for AWS Enable Dynamic Scaling?
- Plan the VM-Series Auto Scaling Template for AWS
- Launch the VM-Series Auto Scaling Template for AWS
- Customize the Bootstrap.xml File
- NAT Policy Rule and Address Objects in the Auto Scaling Template
- Stack Update with VM-Series Auto Scaling Template for AWS (v1.2)
- Modify Administrative Account and Update Stack
- Troubleshoot the VM-Series Auto Scaling Template for AWS