PaloAltoNetworks / aws-vmseries-gwlb-poc

Mozilla Public License 2.0
2 stars 5 forks source link

VM-Series with AWS GWLB Demo Guide

Overview

This code helps deploy all the resources required to successfully demonstrate the VM-Series reference architecture with the AWS Gateway Load Balancer. This deployment Post the successful deployment of the resources, including the Palo Alto Networks VM-Series Next Generation Firewall, you will be able to secure all Inbound, Outbound and East traffic to the 2 spoke servers also deployed as part of the demonstration.

Pre-requisites

Demo Lab Setup

In this section, we will launch the lab environment. These are the steps that we will accomplish at this time.

Cloning the Git Repo

git clone https://github.com/PaloAltoNetworks/aws-vmseries-gwlb-poc.git && cd aws-vmseries-gwlb-poc

Deploying from local workspace

If you are attempting to deploy from your local workspace, you would need to update the below values on the aws-vmseries-gwlb-poc/terraform/vmseries/student.auto.tfvars file.

access-key      = ""
secret-key      = ""
region          = ""
ssh-key-name    = ""

In case you are using AWS CloudShell, you can ignore this step.

Run the setup

Once you have completed the above steps as required, ensure that you are in the root directory of the cloned repo and run the below command.

./setup.sh

It will take around 5 minutes to deploy all the lab components. Status will be updated on the cloudshell console as deployment progresses. At the end of deployment, you should see the message “Completed successfully!”

Demo Lab Teardown

Ensure that you have the permissions to delete all the resources that were created as part of the setup. Adjust the "cd" command below to change the directory as required. Run the below commands to teardown the setup.

cd ~/aws-vmseries-gwlb-poc/terraform/vmseries
terraform destroy -auto-approve

Connecting to the app servers

We will be using the user ‘ec2-user’ as the username to login to these applications.

On the AWS CloudShell

aws ec2-instance-connect ssh --instance-id <instance-id>

On the EC2 console

You could also connect to the servers directly on the EC2 console by selecting the instance that you want to connect to, and clicking on the Connect button provided above the instance list. Ensure that you use the username as ec2-user for logging in.

Fin