VM-Series Firewall on AWS
What do you need to set up the VM-Series on AWS?
| Where Can I Use This? | What Do I Need? |
| --- | --- |
|  | AWS account; Amazon Machine Image (AMI) ID; VM-Series License (PAYG or BYOL); VM-Series plugin; Panorama; Panorama plugin for AWS |
The VM-Series firewall can be deployed in the public Amazon Web Services (AWS)
cloud and AWS GovCloud. It can then be configured to secure access to the applications
that are deployed on EC2 instances and placed into a Virtual Private Cloud (VPC) on
AWS.
The VM-Series firewall now supports subscription to Web Proxy in AWS environments.
Amazon Web Services (AWS) is a public cloud service that enables you to run your
applications on a shared infrastructure managed by Amazon. These applications can be
deployed on scalable computing capacity or EC2 instances in different AWS regions and
accessed by users over the internet.
For networking consistency and ease of management of EC2 instances, Amazon offers the
Virtual Private Cloud (VPC). A VPC is apportioned from the AWS public cloud, and is
assigned a CIDR block from the private network space (RFC 1918). Within a VPC, you can
carve out public or private subnets for your needs and deploy the applications on EC2
instances within those subnets. To then enable access to the applications within the
VPC, you can deploy the VM-Series firewall on an EC2 instance. The VM-Series firewall can
then be configured to secure traffic to and from the EC2 instances within the VPC.
The VM-Series firewall is available in both the public AWS cloud and on
AWS GovCloud. In both, the VM-Series firewall supports the bring your own license (BYOL)
model and the hourly Pay-As-You-Go (PAYG) model, a usage-based licensing model that is
available from the AWS Marketplace. For licensing details, see VM-Series License Types.
The VM-Series firewall now supports ARM-based (ARM compute) instances on AWS Graviton 3
and AWS Graviton 2 for public clouds. All features that were available in x86
environments are now extended to ARM-based instances, including hypervisor support and
DPDK, which provide better performance while reducing operational (OPEX) costs, power
consumption, and footprint. ARM architecture support is currently available with the AWS
BYOL VM-Flex licensing models on AWS C7gn, AWS R7g, and AWS M7g instances for AWS
Graviton 3 and on AWS C6gn, AWS R6g, and AWS M6g instances for AWS Graviton 2, and it
supports ENA drivers.
You can deploy the VM-Series firewall on an AWS instance size with more resources than
the minimum VM-Series System Requirements. If you choose a larger instance size for the
VM-Series firewall model, the firewall uses only the maximum vCPU cores and memory shown
in the table, but it does take advantage of the faster network performance that AWS
provides. If you want to change the instance type on a VM-Series firewall that is
licensed with the BYOL option, you must deactivate the VM before you switch the instance
type to ensure that your license remains valid. See Upgrade the VM-Series firewall to
learn why.
For guidance on sizing the VM-Series firewall on AWS, refer to this article.