Bootstrap the VM-Series Firewall on OCI

Learn how to bootstrap the VM-Series firewall on OCI.
You can bootstrap new instances of the VM-Series firewall on OCI by creating the necessary files and placing them in an OCI storage bucket.
You must attach the policies required to access the storage bucket, instance-family, and virtual-network-family to a dynamic group on OCI. These policies are required to make the API calls. Ensure that the VM-Series firewall instance you deploy meets the match criteria of the dynamic group you create.
  1. Choose a bootstrap method.
  2. Create bootstrap files as described in Prepare the Bootstrap Package.
  3. Log in to the OCI console.
  4. Create an object storage bucket.
    The object storage bucket must be in the same region where you plan to deploy the VM-Series firewall.
  5. Create a Dynamic Group to define the permissions needed to allow the VM-Series firewalls to access the object storage bucket.
  6. Define the policy statements so your VM-Series firewall can access the bootstrap files.
    Your policy must include the following statements.
    Allow dynamic-group <dynamic_group_name> to use instance-family in compartment <compartment_name>
    Allow dynamic-group <dynamic_group_name> to use virtual-network-family in compartment <compartment_name>
    Allow dynamic-group <dynamic_group_name> to read buckets in compartment <compartment_name>
    Allow dynamic-group <dynamic_group_name> to read objects in compartment <compartment_name>
  7. Create folders in your previously created object storage bucket. This folder structure must match the structure of the bootstrap package. You can create the folder structure directly in the storage bucket or, if you have multiple bootstrap packages, you can create a subfolder for each one. Each subfolder must follow the structure of bootstrap package folders.
  8. Launch the VM-Series firewall.
    To deploy the VM-Series firewall using a bootstrap package, deploy the VM-Series firewall as normal. However, instead of adding bootstrap parameters directly in the User Data field, use the following to identify the location of the bootstrap package.
    If your bootstrap package is at the top level of the storage bucket structure, use the following.
    vmseries-bootstrap-oci-bucket=<bucket-name>
    If your storage bucket has bootstrap packages in individual folders, use the following.
    vmseries-bootstrap-oci-bucket=<bucket-name>/<folder-name>
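
Step 6 lists the statements the policy must include. The following Python check is an added example, not part of the original documentation: it compares a list of policy statements with those four and reports wider verbs, tenancy-wide scope, other subjects, and absent statements. The group name `vmseries-dg`, the compartment `fw`, and both sample policies are constructed for illustration.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI verbs, least to most privileged
# Grants the page requires: resource-type -> verb.
REQUIRED = {"instance-family": "use", "virtual-network-family": "use",
            "buckets": "read", "objects": "read"}
STATEMENT = re.compile(
    r"^allow\s+(?P<subject>.+?)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)", re.I)

def audit_policy(statements, dynamic_group):
    """Return sorted findings; an empty list means the policy matches the page."""
    findings, granted = [], {}
    for raw in statements:
        m = STATEMENT.match(raw.strip())
        if not m:
            findings.append(f"unparsed: {raw.strip()}")
            continue
        kind, _, name = m["subject"].partition(" ")
        verb, resource = m["verb"].lower(), m["resource"].lower()
        if kind.lower() != "dynamic-group" or name.strip() != dynamic_group:
            findings.append(f"unexpected subject: {m['subject']}")
            continue
        if m["scope"].lower() == "tenancy":
            findings.append(f"tenancy-wide scope: {verb} {resource}")
        if resource not in REQUIRED:  # also catches aggregates such as object-family
            findings.append(f"extra grant: {verb} {resource}")
            continue
        level = VERBS.index(verb)
        if level > VERBS.index(REQUIRED[resource]):
            findings.append(f"over-privileged: {verb} {resource}")
        granted[resource] = max(level, granted.get(resource, -1))
    for resource, verb in REQUIRED.items():
        if granted.get(resource, -1) < VERBS.index(verb):
            findings.append(f"statement absent: {verb} {resource}")
    return sorted(findings)

AS_DOCUMENTED = [  # constructed sample; group and compartment names are placeholders
    "Allow dynamic-group vmseries-dg to use instance-family in compartment fw",
    "Allow dynamic-group vmseries-dg to use virtual-network-family in compartment fw",
    "Allow dynamic-group vmseries-dg to read buckets in compartment fw",
    "Allow dynamic-group vmseries-dg to read objects in compartment fw",
]
TOO_BROAD = [  # constructed sample of a policy that drifts from the page
    "Allow dynamic-group vmseries-dg to manage instance-family in compartment fw",
    "Allow dynamic-group vmseries-dg to manage object-family in tenancy",
    "Allow any-user to read objects in compartment fw",
]
print(audit_policy(TOO_BROAD, "vmseries-dg"))
```

The check compares statements textually against the page's list; it does not expand aggregate resource types or evaluate `where` conditions.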