Customize the Firewall Template Before Launch (v2.0 and v2.1)

Lists the settings you can modify before you launch the template.

To simplify the deployment workflow, the firewall template displays a limited set of parameters for which you need to provide inputs when launching the template. If you would like to view and customize other options included in the template, you can use a text editing tool such as Notepad or Visual Studio Code to specify the values that you prefer before you launch the VM-Series Auto Scaling template for AWS v2.0 or v2.1.

Use the following table to view the list of parameters that you are allowed to customize for your deployment of the auto scaling firewall template for AWS. Modifying parameters from this list is within the official support policy of Palo Alto Networks through the support options that you've purchased.

| Parameter | Description | Default Value |
|---|---|---|
| CIDR Block for the VPC | The IP address space that you want to use for the VPC. The subnets you modify below must belong to this VPC CIDR block and be unique. | 192.168.0.0/16 |
| Management Subnet CIDR Block | Comma-delimited list of CIDR blocks for the management subnet of the firewalls. | 192.168.0.0/24, 192.168.10.0/24 |
| Untrust Subnet CIDR Block | Comma-delimited list of CIDR blocks for the Untrust subnet. | 192.168.1.0/24, 192.168.11.0/24 |
| Trust Subnet CIDR Block | Comma-delimited list of CIDR blocks for the Trust subnet. | 192.168.2.0/24, 192.168.12.0/24 |
| NAT Gateway Subnet CIDR Block | Comma-delimited list of CIDR blocks for the AWS NAT Gateway. | 192.168.100.0/24, 192.168.101.0/24 |
| Lambda Subnet CIDR Block | Comma-delimited list of CIDR blocks for the Lambda functions. | 192.168.200.0/24, 192.168.201.0/24 |
| Firewall Instance size | AWS Instance Types and size that you want for the VM-Series firewalls in your deployment. | M4.xlarge |
| Choose your Scaling Parameter | You do not need to modify the template for the scaling parameter. You can set AWS CloudWatch alarms on the AWS console for one or more custom PAN-OS metrics on which you want to trigger autoscaling. The template publishes all the following metrics to AWS CloudWatch: CPU—DataPlane CPU Utilization; AS—Active Sessions; SU—Session Utilization; SSPU—SSL Proxy Utilization; GPU—GlobalProtect Gateway Utilization; GPAT—GlobalProtect Gateway Utilization ActiveTunnels; DPB—Dataplane Packet Buffer Utilization | Dataplane CPU Utilization |
| Choose time in seconds for Scaling Period | The period in seconds over which the average statistic is applied. Must be a multiple of 60. | 900 |
| Maximum VM-Series Instances | Maximum number of VM-Series firewalls in the auto scaling group. | 3 |
| Minimum VM-Series Instances | Minimum number of VM-Series firewalls in the auto scaling group. | 1 |
| ScaleDown threshold value in percentage/value | Value at which a scale in event is triggered. | 20 |
| ScaleUp threshold value in percentage/value | Value at which scale out event is triggered. | 80 |
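
A pre-launch check for the values in the table above, as an added example that is not part of the original page or of the Palo Alto Networks template. The dictionary keys are hypothetical labels (the template's own parameter names are not shown on this page). Reading "unique" as non-overlapping, and requiring minimum <= maximum and ScaleDown below ScaleUp, are assumptions made here.

```python
import ipaddress

# Constructed sample input: the default values from the table above.
# Keys are hypothetical labels, not the template's real parameter names.
PARAMS = {
    "vpc": "192.168.0.0/16",
    "subnets": {
        "Management": "192.168.0.0/24, 192.168.10.0/24",
        "Untrust": "192.168.1.0/24, 192.168.11.0/24",
        "Trust": "192.168.2.0/24, 192.168.12.0/24",
        "NAT Gateway": "192.168.100.0/24, 192.168.101.0/24",
        "Lambda": "192.168.200.0/24, 192.168.201.0/24",
    },
    "scaling_period": 900, "max_instances": 3, "min_instances": 1,
    "scale_down": 20, "scale_up": 80,
}

def validate(p):
    """Return a list of problems in the customized values (empty list means OK)."""
    errors = []
    vpc = ipaddress.ip_network(p["vpc"], strict=True)
    seen = []  # (label, network) pairs parsed so far, for the overlap check
    for label, csv in p["subnets"].items():
        for item in csv.split(","):
            try:
                # strict=True rejects blocks with host bits set, e.g. 192.168.1.5/24
                net = ipaddress.ip_network(item.strip(), strict=True)
            except ValueError as exc:
                errors.append(f"{label}: {item.strip()!r} is not a valid CIDR block ({exc})")
                continue
            if net.version != vpc.version or not net.subnet_of(vpc):
                errors.append(f"{label}: {net} is outside VPC {vpc}")
            for other_label, other in seen:
                if net.overlaps(other):
                    errors.append(f"{label}: {net} overlaps {other_label} {other}")
            seen.append((label, net))
    if p["scaling_period"] <= 0 or p["scaling_period"] % 60:
        errors.append("Scaling Period must be a multiple of 60 seconds")
    if not 0 <= p["min_instances"] <= p["max_instances"]:
        errors.append("Minimum instances must not exceed Maximum instances")
    if p["scale_down"] >= p["scale_up"]:
        errors.append("ScaleDown threshold must be below ScaleUp threshold")
    return errors

if __name__ == "__main__":
    for problem in validate(PARAMS) or ["no problems found"]:
        print(problem)
```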