VM-Series Auto Scaling Templates for AWS Version 2.0

End-of-Life (EoL)

Learn about the VM-Series Auto Scaling template for AWS Version 2.0.
To help you manage increased application scaling, version 2.0 of the auto scaling VM-Series firewall template provides a hub and spoke architecture that simplifies deployment. This version of the solution provides two templates that support single-VPC and multiple-VPC deployments, both within a single AWS account and across multiple AWS accounts.
  • Firewall Template—The firewall template deploys an application load balancer (ALB) and VM-Series firewalls within auto scaling groups across two Availability Zones (AZs). This internet-facing ALB distributes traffic that enters the VPC across a pool of VM-Series firewalls. The VM-Series firewalls automatically publish custom PAN-OS metrics that enable auto scaling.
    Palo Alto Networks officially supports the firewall template and, with a valid support entitlement, you can request assistance from Palo Alto Networks Technical Support.
    The following application template deploys the network load balancer depicted in the preceding image.
  • Application Template—The application template deploys a network load balancer (NLB) and one auto scaling group (ASG) with a web server in each AZ.
    The application template is community supported. This template is provided as an example to help you get started with a basic web application. For a production environment, either use your own application template or customize this template to meet your requirements.
These templates allow you to deploy a load balancer sandwich topology with an internet-facing ALB and an internal NLB. The ALB is accessible from the internet and distributes traffic that enters the VPC across a pool of VM-Series firewalls. The firewalls then route traffic, using NAT policy, to NLBs, which distribute it to an auto scaling tier of web or application servers. The VM-Series firewalls publish custom PAN-OS metrics to AWS CloudWatch, where you can monitor the health and resource load of the firewalls and then use that information to trigger auto scaling events in the appropriate firewall ASGs.
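
The metric-driven scaling described above can be expressed as CloudWatch alarms wired to scaling policies on the firewall ASG. The CloudFormation fragment below is an added illustration, not part of the Palo Alto Networks templates; the parameter `FirewallASG`, the namespace, the metric name, and all thresholds are placeholder assumptions to replace with the values your firewalls actually publish.

```yaml
# Added example, not taken from the vendor templates.
# EXAMPLE-VMSERIES-NAMESPACE and EXAMPLE_PANOS_METRIC are placeholders.
# If the firewalls publish the metric with dimensions, add a matching
# Dimensions list to both alarms or they will never see any data.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  FirewallASG:
    Type: String
    Description: Name of the existing VM-Series firewall auto scaling group
Resources:
  ScaleOutPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AutoScalingGroupName: !Ref FirewallASG
      PolicyType: SimpleScaling
      AdjustmentType: ChangeInCapacity
      ScalingAdjustment: 1
      Cooldown: "900"          # allow a new firewall time to boot and pass health checks
  ScaleInPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AutoScalingGroupName: !Ref FirewallASG
      PolicyType: SimpleScaling
      AdjustmentType: ChangeInCapacity
      ScalingAdjustment: -1
      Cooldown: "900"
  HighLoadAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: EXAMPLE-VMSERIES-NAMESPACE
      MetricName: EXAMPLE_PANOS_METRIC
      Statistic: Average
      Period: 300
      EvaluationPeriods: 3
      Threshold: 80            # constructed value
      ComparisonOperator: GreaterThanThreshold
      AlarmActions: [!Ref ScaleOutPolicy]
  LowLoadAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: EXAMPLE-VMSERIES-NAMESPACE
      MetricName: EXAMPLE_PANOS_METRIC
      Statistic: Average
      Period: 300
      EvaluationPeriods: 6
      Threshold: 20            # constructed value
      ComparisonOperator: LessThanThreshold
      TreatMissingData: notBreaching   # a gap in metric publishing must not remove firewalls
      AlarmActions: [!Ref ScaleInPolicy]
```

Scale-in is evaluated over a longer window than scale-out so that a brief lull in traffic does not shrink the inspection tier.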