Enable VM-Series Integration with a Gateway Load Balancer

When integrating the VM-Series firewall with a GWLB, you must first enable the VM-Series firewall to properly process traffic redirected to the firewall by the GWLB endpoints. You can enable this functionality using the VM-Series firewall CLI, through the VM-Series bootstrapping package, or the user-data field in the AWS console.
VM-Series firewall deployment with a GWLB requires:
  • PAN-OS 10.0.2 or later
  • VM-Series plugin 2.0.2 or later
  • Panorama 10.0.2 or later if you are using Panorama to manage your firewalls
The table below lists the commands required to enable GWLB traffic inspection with a VPC endpoint. Operation commands can be used in a bootstrapping init-cfg.txt file or in the user-data field in the AWS console.
| Bootstrap Parameter | CLI Command | Description |
|---|---|---|
| op-command-modes=mgmt-interface-swap | op-command-modes=mgmt-interface-swap | This command requires the firewall to reboot before taking effect. Swaps eth0 and eth1. By default, GWLB sends traffic only to eth0 of its target instances. After the swap, eth0 becomes the data interface and eth1 becomes the management interface. |
| plugin-op-commands=aws-gwlb-inspect:enable | request plugins vm_series aws gwlb inspect enable <yes/no> | Enables the VM-Series firewall to process traffic passing through a GWLB. |
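
A pre-deployment check for the requirements and bootstrap parameters listed above. It is an added example, not Palo Alto Networks code. The function names are hypothetical, and it assumes key=value pairs separated by newlines or semicolons with optional comma-separated values.

```python
import re

# Minimum versions and bootstrap parameters as stated on this page.
MIN_PANOS = (10, 0, 2)
MIN_PLUGIN = (2, 0, 2)
REQUIRED = {
    "op-command-modes": "mgmt-interface-swap",
    "plugin-op-commands": "aws-gwlb-inspect:enable",
}

def parse_bootstrap(text):
    """Parse key=value pairs into {key: [values]}.
    Assumed syntax: pairs split on newline or ';', values split on ','."""
    params = {}
    for item in re.split(r"[;\n]", text):
        item = item.strip()
        if not item or item.startswith("#") or "=" not in item:
            continue
        key, value = item.split("=", 1)
        values = [v.strip() for v in value.split(",") if v.strip()]
        params.setdefault(key.strip(), []).extend(values)
    return params

def version_tuple(version):
    """Turn '10.0.2' or '10.1.3-h1' into (10, 0, 2) or (10, 1, 3)."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.groups())

def gwlb_preflight(bootstrap_text, panos_version, plugin_version):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    params = parse_bootstrap(bootstrap_text)
    for key, wanted in REQUIRED.items():
        if wanted not in params.get(key, []):
            problems.append(f"missing {key}={wanted}")
    if version_tuple(panos_version) < MIN_PANOS:
        problems.append(f"PAN-OS {panos_version} is older than 10.0.2")
    if version_tuple(plugin_version) < MIN_PLUGIN:
        problems.append(f"VM-Series plugin {plugin_version} is older than 2.0.2")
    return problems

# Constructed sample user-data, for illustration only.
SAMPLE = "op-command-modes=mgmt-interface-swap\nplugin-op-commands=aws-gwlb-inspect:enable\n"
if __name__ == "__main__":
    print(gwlb_preflight(SAMPLE, "10.0.2", "2.0.2") or "ok")
```

Running the check in a deployment pipeline catches a firewall that would launch without GWLB inspection enabled or with eth0 still acting as the management interface.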