Deploy the VM-Series Firewall Using IBM Cloud Schematics

To deploy the VM-Series firewall using the IBM catalog template, you must first create a VPC network for each interface on the firewall. For instructions on creating a VPC network, see Getting Started with VPC network.
You can deploy the VM-Series Next-Generation Firewall (BYOL) through IBM Cloud Schematics. The IBM Cloud Terraform template deploys an instance of the VM-Series firewall with a minimum of one management interface and two dataplane interfaces. You can add additional dataplane interfaces for up to five IBM Cloud instances in your virtual private cloud (VPC).
Before you deploy the VM-Series firewall, you must create or choose a project in your organization and create any networks and subnets that will connect to the firewall. You cannot attach multiple network interfaces to the same VPC network. Every interface you create must have a dedicated network with at least one subnet. Ensure that your networks include any additional dataplane instances you create.
All VM-Series firewall interfaces must be assigned an IPv4 address when deployed in a public cloud environment. IPv6 addresses are not supported.
  1. Locate the VM-Series firewall listing in IBM Cloud Catalog.
    1. Log in to IBM Cloud.
    2. Click Catalog.
    3. Search for Palo Alto Networks VM-Series Firewall - BYOL in the IBM Cloud catalog search box.
    4. Click the Palo Alto Networks VM-Series Firewall - BYOL tile.
  2. Configure your workspace.
    1. Enter the Deployment Name (this name is displayed in the Deployment Manager). The name must be unique and cannot conflict with any other deployment in the project.
    2. Select a Resource group. For instructions to create a resource group, see Creating a Resource Group.
    3. Enter relevant Tags. Tags help you in identifying your deployment.
  3. Specify the values for the following parameters:
    | Parameter | Description | Sample Value |
    |---|---|---|
    | image_name | VM-Series image to be installed. | pa-vm-kvm-9-1-3-1 or pa-vm-kvm-10-0-6 |
    | region | VPC region in which you want your VPC virtual servers to be provisioned. | us-east |
    | ssh_key_name | The name of your public SSH key to be used for the VSI. For information on creating an SSH key, see Public SSH Key. | vm-series-ssh-key |
    | subnet_id1 | The ID of the subnet (management) that will be associated with the first interface of the VNF instance. Click the subnet details in the VPC Subnet Listing to determine this value. | 0717-xxxxxx-xxxx-xxxxx-8fae-xxxxx |
    | subnet_id2 | The ID of the subnet (data-plane) that will be associated with the second interface of the VNF instance. Click the subnet details in the VPC Subnet Listing to determine this value. | 0717-xxxxxx-xxxx-xxxxx-8fae-xxxxx |
    | vnf_instance_name | Name of the VNF instance to be provisioned (lower-case). | vm-series-fw-vsi |
    | vnf_profile | The profile of compute CPU and memory resources to be used when provisioning the VNF instance. For more information, see Instance Profiles. | bx2-8x32 |
    | vnf_security_group | The name of the security group to which the VNF instance's first interface (management) belongs. | vm-series-mgmt-sg |
  4. Install the Terraform template.
    1. Click Install.
    2. Navigate to IBM Cloud > Schematics > Workspaces and choose your workspace to view and edit details related to your workspace.
  5. Access the management interface of the VM-Series firewall.
    1. Navigate to IBM Cloud > VPC Infrastructure > Floating IPs and copy the Floating IP of the VPC instance on which you have deployed the VM-Series firewall.
    2. Open a browser and enter the IP address in the address bar, prefixing it with https (for example, https://161.xxx.173.xxx). The VM-Series firewall management interface login screen appears. If you are using a VPN connection, you may have to terminate the connection before connecting to the VM-Series console (URL).
    3. Log in to the interface using the following credentials: Username: admin, Password: admin
      You will be prompted to change your password on your first login. You will be able to access the interface only after logging in with the changed password.
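
A pre-flight check for the step 3 parameter values, added here as an example (it is not part of the IBM Cloud or Palo Alto Networks template). It enforces the constraints this page states, a dedicated subnet per interface and a lower-case instance name, and flags values left blank or copied from the masked samples. The function name and the sample subnet IDs are assumptions made up for illustration.

```python
import re

# Parameter names taken from the table in step 3 of this page.
REQUIRED = (
    "image_name", "region", "ssh_key_name", "subnet_id1", "subnet_id2",
    "vnf_instance_name", "vnf_profile", "vnf_security_group",
)


def check_workspace_variables(values):
    """Return a list of problems found in the step 3 parameter values."""
    problems = []
    for name in REQUIRED:
        if not str(values.get(name, "")).strip():
            problems.append(f"{name}: missing or empty")

    mgmt = str(values.get("subnet_id1", "")).strip()
    data = str(values.get("subnet_id2", "")).strip()
    # Each interface needs its own network and subnet, so the management
    # and dataplane subnet IDs can never be the same value.
    if mgmt and mgmt == data:
        problems.append("subnet_id1 and subnet_id2: must be different subnets")
    # The page's sample IDs are masked with runs of 'x'; this catches a value
    # copied from the documentation instead of the VPC subnet listing.
    for name, value in (("subnet_id1", mgmt), ("subnet_id2", data)):
        if re.search(r"x{4,}", value, re.IGNORECASE):
            problems.append(f"{name}: still contains the masked sample value")

    instance = str(values.get("vnf_instance_name", ""))
    # The page requires the instance name to be lower-case.
    if instance != instance.lower():
        problems.append("vnf_instance_name: must be lower-case")
    return problems


# Constructed sample input: the subnet IDs below are made up for illustration.
SAMPLE = {
    "image_name": "pa-vm-kvm-10-0-6",
    "region": "us-east",
    "ssh_key_name": "vm-series-ssh-key",
    "subnet_id1": "0717-example-mgmt-subnet",
    "subnet_id2": "0717-example-mgmt-subnet",   # same as subnet_id1: flagged
    "vnf_instance_name": "VM-Series-FW-VSI",    # upper-case letters: flagged
    "vnf_profile": "bx2-8x32",
    "vnf_security_group": "",                   # left blank: flagged
}

if __name__ == "__main__":
    for problem in check_workspace_variables(SAMPLE):
        print(problem)
```
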