Saucepan

User Tools

Site Tools

Trace: multicast aws globalprotect_versions firewall_resources disk_space zone_protection oracle aws_transit_gateway firewall-hardware
paloaltonetworks:vmseries:aws

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
paloaltonetworks:vmseries:aws [2020/05/18 13:30] – created bstaffordpaloaltonetworks:vmseries:aws [2022/11/23 12:49] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== AWS ====== ====== AWS ======
-[https://www.paloaltonetworks.com/documentation/80/virtualization/virtualization/set-up-the-vm-series-firewall-on-aws/deploy-the-vm-series-firewall-on-aws/launch-the-vm-series-firewall-on-aws#ide07b93a2-ccb3-4c69-95fe-96e3328b8514 This] page is excellent for deploying Palo. 
  
-In particular, after deploying the Palo instance, you will need to use SSH to access the CLI to set the Admin password. This will allow you to access the web GUI.+[[https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-aws.html|This]] page is excellent for deploying Palo.
  
-Once the instance is running, connect to it using a SSH client with the private key file used to launch the instance.  +===== Getting Initial Access to Firewall in AWS ===== 
-For example: <nowiki>ssh -i <privatekey.pem> admin@<EIP or private IP of eth0></nowiki> + 
-Then use the PAN-OS CLI commands  +After deploying the Palo Alto Networks VM firewall instance, you will need to use SSH to access the CLI to set the password for the ''admin'' account. This will allow you to access the web GUI. 
-** <nowiki>configure</nowiki> + 
-** <nowiki>set mgt-config users admin password</nowiki> +Once the instance is running, connect to it using a SSH client with the private key file defined when you launched the instance. 
-** <nowiki>commit</nowiki>+ 
 +For example ''ssh -i <privatekey.pem> admin@<public IP of eth0>'' 
 + 
 +Then use the PAN-OS CLI commands  
 +    - ''configure'' 
 +    - ''set mgt-config users admin password'' 
 +    - ''commit''
  
 If you are using Putty, you will need to convert the PEM key file to PPK. If you are using Putty, you will need to convert the PEM key file to PPK.
-Start PuTTYgen (for example, from the Start menu, choose All Programs > PuTTY > PuTTYgen). +  - Start PuTTYgen (for example, from the Start menu, choose All Programs > PuTTY > PuTTYgen). 
-Under Type of key to generate, choose RSA. (If you're using an older version of PuTTYgen, choose SSH-2 RSA. ) +  Under Type of key to generate, choose RSA. (If you're using an older version of PuTTYgen, choose SSH-2 RSA. ) 
-Choose Load. By default, PuTTYgen displays only files with the extension .ppk. To locate your .pem file, select the option to display files of all types.  +  Choose Load. By default, PuTTYgen displays only files with the extension .ppk. To locate your .pem file, select the option to display files of all types.  
-Select your .pem file for the key pair that you specified when you launched your instance, and then choose Open. Choose OK to dismiss the confirmation dialog box. +  Select your .pem file for the key pair that you specified when you launched your instance, and then choose Open. Choose OK to dismiss the confirmation dialog box. 
-Choose Save private key to save the key in the format that PuTTY can use. PuTTYgen displays a warning about saving the key without a passphrase. Choose Yes. +  Choose Save private key to save the key in the format that PuTTY can use. PuTTYgen displays a warning about saving the key without a passphrase. Choose Yes. 
-Specify the same name for the key that you used for the key pair (for example, my-key-pair). PuTTY automatically adds the .ppk file extension. +  Specify the same name for the key that you used for the key pair (for example, my-key-pair). PuTTY automatically adds the .ppk file extension. 
-Your private key is now in the correct format for use with PuTTY. You can now connect to your instance using PuTTY's SSH client. +  Your private key is now in the correct format for use with PuTTY. You can now connect to your instance using PuTTY's SSH client.  
 + 
 +**Note**: A passphrase on a private key is an extra layer of protection, so even if your private key is discovered, it can't be used without the passphrase. The downside to using a passphrase is that it makes automation harder because human intervention is needed to log on to an instance, or copy files to an instance. 
 + 
 +===== Panorama AWS ===== 
 +Panorama 10.0 is happy with 8 CPU and 32 GB RAM when in Panorama mode. However, when you go to 10.1, it wants 16 CPU.
  
-'''Note''': A passphrase on a private key is an extra layer of protectionso even if your private key is discovered, it can't be used without the passphraseThe downside to using a passphrase is that it makes automation harder because human intervention is needed to log on to an instanceor copy files to an instance.+Mid 2022 
 +  * m4.2xlarge (8vCPU32GB) for ~ $325 per month 
 +  * m4.4xlarge (16vCPU64GB) for ~ $650 per month
  
paloaltonetworks/vmseries/aws.1589808609.txt.gz · Last modified: (external edit)