PaloAltoNetworks / terraform-azurerm-vmseries-modules

Terraform Reusable Modules for VM-Series on Azure
https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/azurerm/latest
MIT License

Add vm-series common section in examples to include license manager bootstrap options #305

Closed jollymahn closed 10 months ago

jollymahn commented 1 year ago

Is your feature request related to a problem?

Yes: bootstrapping with the license manager. It is not easy or intuitive to build the license manager support into the example.tfvars. Common bootstrap options per pair of firewalls would make this simpler and clean up the config. It would also be better if the file created the objects in the order of the networking: RG, VNET, SUBNETS (subnets should follow the traffic flow based on the diagram, in from the internet: public (10.0.0.0/28), management (10.0.0.16/28), private (10.0.0.32/28)). The file format should match, with all elements following the traffic flow: NSGs, ROUTES.

Describe the solution you'd like

Value of panorama-server, auth-key, dgname, tplname can be taken from plugin sw_fw_license

bootstrap_options = {
  mgmt-interface-swap         = "enable"
  plugin-op-commands          = "panorama-licensing-mode-on,aws-gwlb-inspect:enable,aws-gwlb-overlay-routing:enable" # TODO: update here
  panorama-server             = "10.255.0.10"                                                                        # TODO: update here
  auth-key                    = ""                                                                                   # TODO: update here
  dgname                      = "centralized"                                                                        # TODO: update here
  tplname                     = "centralized-stack"                                                                  # TODO: update here
  dhcp-send-hostname          = "yes"                                                                                # TODO: update here
  dhcp-send-client-id         = "yes"                                                                                # TODO: update here
  dhcp-accept-server-hostname = "yes"                                                                                # TODO: update here
  dhcp-accept-server-domain   = "yes"                                                                                # TODO: update here
}

Describe alternatives you've considered.

Needs to include bootstrap options for each set of firewalls, since the transit VNet has 2 pairs of firewalls: one for INBOUND and one for OBEW. We should be driving people to use the license manager as opposed to the legacy method of storage.

Additional context

See the AWS example.tfvars. It would be great if the tfvars files were in the same format so there is continuity in file format across the different cloud offerings.
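One way to express the "common bootstrap options per pair of firewalls" idea from the request above in Terraform, as an added example that is not part of the issue or of the module's own code. It assumes, as in the module's examples, that the Azure module consumes bootstrap options as a single semicolon-separated `key=value` string per VM, and the names `panorama_auth_key`, `bootstrap_common`, `pair_overrides` and `bootstrap_strings` are hypothetical; the IP, device-group and template-stack values are placeholders. The auth key is taken from a `sensitive` variable so it never sits in a committed tfvars file.

```hcl
# Added example (not from the issue or the module): factor the license-manager
# bootstrap options shared by every firewall out of the per-pair settings.
# ASSUMPTIONS: the module takes one "k=v;k=v" bootstrap string per VM, and all
# variable/local names here are hypothetical.

variable "panorama_auth_key" {
  description = "VM auth key issued by the Panorama sw_fw_license plugin; supply via TF_VAR_panorama_auth_key, do not commit it."
  type        = string
  sensitive   = true
}

locals {
  # Options every firewall in the transit VNet shares (placeholder values).
  bootstrap_common = {
    type                        = "dhcp-client"
    plugin-op-commands          = "panorama-licensing-mode-on"
    panorama-server             = "10.255.0.10"
    auth-key                    = var.panorama_auth_key
    dhcp-send-hostname          = "yes"
    dhcp-send-client-id         = "yes"
    dhcp-accept-server-hostname = "yes"
    dhcp-accept-server-domain   = "yes"
  }

  # Per-pair overrides: the inbound pair and the OBEW pair get their own
  # device group and template stack; everything else comes from the common set.
  pair_overrides = {
    inbound = { dgname = "inbound-dg", tplname = "inbound-stack" }
    obew    = { dgname = "obew-dg", tplname = "obew-stack" }
  }

  # merge(): keys in the per-pair map win over the common map.
  bootstrap_per_pair = {
    for pair, overrides in local.pair_overrides :
    pair => merge(local.bootstrap_common, overrides)
  }

  # Render each pair's map as the "key=value;key=value" string the module expects.
  bootstrap_strings = {
    for pair, opts in local.bootstrap_per_pair :
    pair => join(";", [for k, v in opts : "${k}=${v}"])
  }
}

# Each firewall pair then references local.bootstrap_strings["inbound"] or
# local.bootstrap_strings["obew"] instead of repeating the full option list.
output "bootstrap_strings" {
  value     = local.bootstrap_strings
  sensitive = true # derived from the auth key, so Terraform requires this
}
```

Because `auth-key` flows in from a `sensitive` variable, Terraform redacts it from plan output and insists the output be marked `sensitive` too; that is the behaviour wanted for a Panorama auth key, and it also keeps the example.tfvars free of secrets.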

welcome-to-palo-alto-networks[bot] commented 1 year ago

:tada: Thanks for opening your first issue here! Welcome to the community!

migara commented 1 year ago

@jollymahn can you clarify what you meant by:

"It would also be better if the file created the objects in order of the networking"

FoSix commented 10 months ago

stale, closing for now