Launch the Application Template
Learn how to launch the application templates.
Complete the following procedure to launch the application template.
  1. Create an S3 bucket from which you will launch the application template.
    • If this is a cross-account deployment, create a new bucket.
    • If this is a single-account deployment, you can create a new bucket or reuse the S3 bucket you created earlier (one bucket can serve both templates).
  2. Upload the app.zip file into the S3 bucket.
  3. Select the application launch template you want to launch.
    1. In the AWS Management Console, select CloudFormation > Create Stack.
    2. Select Upload a template to Amazon S3 and choose the application template. The template can deploy its resources either in the same VPC as the firewalls or in a different VPC. Click Open, then Next.
    3. Specify the Stack name. The stack name allows you to uniquely identify all the resources that are deployed using this template.
  4. Select the Availability Zones (AZ) that your setup will span in Select list of AZ.
  5. Enter a descriptive VPC Name.
  6. Configure the parameters for Lambda.
    1. Enter the S3 bucket name where app.zip is stored.
    2. Enter the name of the zip file (app.zip).
  7. Select the EC2 instance type for the Ubuntu web server launched by this template.
  8. Enter your Amazon EC2 key pair.
  9. Enter the name of the service configuration (Service Name) for the GWLB endpoint in the security VPC.
    1. Select DynamoDB from the Services drop-down in the AWS console.
    2. Select Tables and locate your security VPC table. The table name has the form <stack name>-gwlb-<region>, for example cft-deployment-gwlb-us-east-1.
    3. Click the Items tab and copy the Service Name.
    4. Paste the Service Name into the application template configuration parameters.
  10. Enter the transit gateway ID. This is the same transit gateway you created before deploying the firewall template.
  11. Review the template settings and launch the template.
  12. After the application has been deployed, you must add a route to the transit gateway route table to enable east-west and outbound traffic inspection.
    1. Log in to the AWS VPC console.
    2. Select Transit Gateway Route Tables and choose your transit gateway route table. This route table is created by the template and is called <app-stack-name>-<region>-PANWAppAttRt.
    3. Select Routes and click Create static route.
    4. Enter 0.0.0.0/0 in the CIDR field.
    5. From the Choose attachment drop-down, select the VM-Series firewall VPC attachment.
    6. Click Create static route.
  13. (Optional) Create a bastion host (also called a jump box) to access the web server created by the application template.
    1. Create a public-facing subnet in your application VPC.
    2. In the route table for this subnet, add a route that sends traffic from your IP address to the internet gateway.
    3. Create a new EC2 instance in the public subnet with a public IP address.
    4. Create a security group for this EC2 instance that allows SSH from your IP address.
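The two post-deployment settings above carry the security weight of this procedure: the 0.0.0.0/0 static route that steers the application VPC's east-west and outbound traffic through the VM-Series firewall attachment (step 12), and the bastion security group that permits SSH only from your own address (step 13). The following script is an added example, not Palo Alto Networks code or part of the template; it derives the resource names the steps describe and checks both settings against data shaped like the responses of boto3's `ec2.search_transit_gateway_routes()` and `ec2.describe_security_groups()`. The route, attachment and security group data below are constructed samples, and the attachment and group IDs are placeholders.

```python
"""Post-deployment checks for the application template (added example).

The sample data mirrors the shape of boto3 EC2 responses; replace the
constructed dictionaries with real responses to run it against an account.
"""
import ipaddress
from typing import List, Optional, Tuple


def gwlb_table_name(security_stack: str, region: str) -> str:
    """DynamoDB table holding the GWLB endpoint Service Name (step 9)."""
    return f"{security_stack}-gwlb-{region}"


def app_route_table_name(app_stack: str, region: str) -> str:
    """Transit gateway route table created by the application template (step 12)."""
    return f"{app_stack}-{region}-PANWAppAttRt"


def check_default_route(routes: List[dict], firewall_attachment_id: str) -> Tuple[bool, str]:
    """Pass when an active 0.0.0.0/0 route points at the firewall VPC attachment.

    Without this route, traffic leaving the application VPC bypasses the
    VM-Series firewalls instead of being inspected (step 12).
    """
    for route in routes:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") != "active":
            return False, f"default route state is {route.get('State')!r}, not active"
        attachments = [
            a["TransitGatewayAttachmentId"]
            for a in route.get("TransitGatewayAttachments", [])
        ]
        if firewall_attachment_id in attachments:
            return True, "default route points at the firewall VPC attachment"
        return False, f"default route points at {attachments}, not the firewall attachment"
    return False, "no 0.0.0.0/0 route in the transit gateway route table"


def check_bastion_ssh(security_group: dict, admin_cidr: str) -> Tuple[bool, str]:
    """Pass when every ingress rule covering TCP/22 is limited to admin_cidr.

    Flags 0.0.0.0/0, any range wider than the admin address, and any IPv6
    range (the admin address here is IPv4), matching step 13.4.
    """
    admin = ipaddress.ip_network(admin_cidr)
    ssh_rules_seen = 0
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":               # "all traffic" rules cover port 22 too
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        else:
            continue
        if not lo <= 22 <= hi:
            continue
        if perm.get("Ipv6Ranges"):
            return False, "SSH rule has IPv6 ranges outside the admin address"
        for rng in perm.get("IpRanges", []):
            ssh_rules_seen += 1
            net = ipaddress.ip_network(rng["CidrIp"])
            if net.version != admin.version or not net.subnet_of(admin):
                return False, f"SSH allowed from {net}, wider than {admin}"
    if ssh_rules_seen == 0:
        return False, "no SSH ingress rule found (bastion would be unreachable)"
    return True, f"SSH restricted to {admin}"


# Constructed sample data; attachment and security group IDs are placeholders.
FIREWALL_ATTACHMENT = "tgw-attach-0fw0000000000000"
APP_ATTACHMENT = "tgw-attach-0app000000000000"
SAMPLE_ROUTES = [
    {"DestinationCidrBlock": "10.10.0.0/16", "State": "active", "Type": "propagated",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": APP_ATTACHMENT}]},
    {"DestinationCidrBlock": "0.0.0.0/0", "State": "active", "Type": "static",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": FIREWALL_ATTACHMENT}]},
]
ADMIN_CIDR = "203.0.113.10/32"
BASTION_SG_OK = {"GroupId": "sg-0bastion00000000a", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": ADMIN_CIDR}]}]}
BASTION_SG_OPEN = {"GroupId": "sg-0bastion00000000b", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}


if __name__ == "__main__":
    print("table:", gwlb_table_name("cft-deployment", "us-east-1"))
    print("route table:", app_route_table_name("app-stack", "us-east-1"))
    print("default route:", check_default_route(SAMPLE_ROUTES, FIREWALL_ATTACHMENT))
    print("bastion (ok):", check_bastion_ssh(BASTION_SG_OK, ADMIN_CIDR))
    print("bastion (open):", check_bastion_ssh(BASTION_SG_OPEN, ADMIN_CIDR))
```

Run it after step 13 with the real route and security group responses; a failing default-route check means application traffic is leaving the VPC without passing the firewalls, and a failing bastion check means the jump box accepts SSH from more than your address.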