====== AWS ======

[[https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-aws.html|This]] page is excellent for deploying Palo.

===== Getting Initial Access to Firewall in AWS =====

After deploying the Palo Alto Networks VM firewall instance, you will need to use SSH to access the CLI to set the password for the ''admin'' account. This will allow you to access the web GUI.

Once the instance is running, connect to it using a SSH client with the private key file defined when you launched the instance.

For example ''ssh -i <privatekey.pem> admin@<public IP of eth0>''

Then use the PAN-OS CLI commands 
    - ''configure''
    - ''set mgt-config users admin password''
    - ''commit''

If you are using Putty, you will need to convert the PEM key file to PPK.
  - Start PuTTYgen (for example, from the Start menu, choose All Programs > PuTTY > PuTTYgen).
  - Under Type of key to generate, choose RSA. (If you're using an older version of PuTTYgen, choose SSH-2 RSA. )
  - Choose Load. By default, PuTTYgen displays only files with the extension .ppk. To locate your .pem file, select the option to display files of all types. 
  - Select your .pem file for the key pair that you specified when you launched your instance, and then choose Open. Choose OK to dismiss the confirmation dialog box.
  - Choose Save private key to save the key in the format that PuTTY can use. PuTTYgen displays a warning about saving the key without a passphrase. Choose Yes.
  - Specify the same name for the key that you used for the key pair (for example, my-key-pair). PuTTY automatically adds the .ppk file extension.
  - Your private key is now in the correct format for use with PuTTY. You can now connect to your instance using PuTTY's SSH client. 

**Note**: A passphrase on a private key is an extra layer of protection, so even if your private key is discovered, it can't be used without the passphrase. The downside to using a passphrase is that it makes automation harder because human intervention is needed to log on to an instance, or copy files to an instance.

===== Panorama AWS =====
Panorama 10.0 is happy with 8 CPU and 32 GB RAM when in Panorama mode. However, when you go to 10.1, it wants 16 CPU.

Mid 2022
  * m4.2xlarge (8vCPU, 32GB) for ~ $325 per month
  * m4.4xlarge (16vCPU, 64GB) for ~ $650 per month