How to deploy Palo Alto firewall on AWS cloud using VPC and EC2

Рет қаралды 37,811

Күн бұрын

Пікірлер: 45

@Dash277 Ай бұрын

17:18 Just a heads up for anyone following: I didn't have an Internet Gateway as an option. I had to go to Services > Network Content and Delivery > VPC >Internet Gateway and create one. Then attach it to the VPC Great stuff!

@aussietaipan8700 3 жыл бұрын

Thanks mate. We are soon to deploy PA and move to PA in AWS. This vid will make me look like an expert.

@felixmoshami17 Жыл бұрын

quality content i would request you come up with palo alto firewall configuration as a course

@rileylabski 3 жыл бұрын

Very good video to get someone oriented/deploying in AWS. Top notch work!

@SecurityPanda 11 ай бұрын

Very well explained !! Appreciate your efforts !!!

@thilagarajuma 2 жыл бұрын

Thank-you for detail session

@ahmedfarhanable Жыл бұрын

Great video, next video could be how to connect the ec2 in private subnet to the internet. I have ec2 now in private subnet but it seems we need to enable NAT to allow ec2 to access internet. If we have full video that would be great end to end. Enable url filtering block ips etc

@joelmck 4 жыл бұрын

Thank you for this. Very well demonstrated.

@tyrondeonarine1348 2 жыл бұрын

I needed this. Thank you.

@ajayaj6483 3 жыл бұрын

Beautifully put together. Thanks

@thecybermyth3975 2 жыл бұрын

You have been sighted on the radar!!

@faketestgmail7263 3 жыл бұрын

You're the best mate

@anuragk4186 4 жыл бұрын

Thanks for the video. Looking forward to see more videos.

@MrElsocio 3 жыл бұрын

Thank you. Amazing video, it helped me!

@shamax2201 8 ай бұрын

Thank you very much !!

@thrtnastrx 2 жыл бұрын

Great video, thank you!

@hakimkipli 4 жыл бұрын

Thanks for the video. Helps a lot

@sanjooroks 3 жыл бұрын

Amazing video

@JavedShaik 4 жыл бұрын

Nice one helped me a lot

@AbhishekSingh-zd4gm 2 жыл бұрын

Thanks for the tutorial. i am unable to pat the traffic for a test pc i created, which is on the inside of the firewall, since the wan port information is not visible on the firewall. any idea how can i achieve it??

@nikeshjha8877 4 жыл бұрын

Thanks a lot

@sathish777 4 жыл бұрын

thanks much

@adeadedeji2458 4 жыл бұрын

This is great. Got a question please. If I deploy another palo alto vm, how would I configure the palo alto panorama to give me an overview of all the firewalls? Thanks

@ElastiCourse 4 жыл бұрын

Hi Ade, I will have a detailed video on Panorama central management soon, stay tuned.

@jonathanlynn6397 3 жыл бұрын

Just to clarify - Why are the links in the description about Fortigate? I was expecting links to the Palo Alto Courses.

@ElastiCourse 3 жыл бұрын

Palo Alto courses are yet to be released. Existing courses are only on Fortigate, Fortimanager and AWS.

@jonathanlynn6397 3 жыл бұрын

@@ElastiCourse muchly appreciated!

@khoi2280 3 жыл бұрын

Hi, I just deployed a palo on AWS but seem to be having problems with the management interface not having an internet connection. i have associated the management subnet to the outside route table but still no luck. pls help

@ElastiCourse 3 жыл бұрын

Make sure the management IP has got a public IP (Elastic IP), and security group allows ports 22 for SSH and 443 for Web Management. Then SSH first to the Palo Alto management Public IP using the private key you downloaded during instance creation.

@chuckjamm 3 жыл бұрын

Thanks for sharing this video. For me, I now have questions - for this setup is much different that a setup in VMWare or having a physical firewall. I see that you are using a private IP space for your Public IP scheme. Is there some internal NAT that is done by the VPC gateway in order to use the firewall as a VPN server?

@ElastiCourse 3 жыл бұрын

Jesse, AWS uses Public IPs on the edge only, meaning they do the NAT on their own using whichever elastic IP was generated/assigned to public interface. It may seem confusing if you are new to cloud networks, but this is done outside the VM therefore you don't see public IP directly on the firewall, by the time the VPN packet hit the internet it will look like this: Source IP: Elastic IP provided by AWS Destination IP: Remote VPN partner server When other side respond to VPN negotiation it looks like this\ Source IP: Remote VPN partner server Destination IP: Elastic IP provided by AWS AWS then takes the packet, does reverse NAT from Elastic IP to real private IP of public interface of the firewall VM.

@chuckjamm 3 жыл бұрын

@@ElastiCourse Thanks for the explanation!

@rajeshrawat866 Жыл бұрын

Can we integrate one plao Alto VM with multiple VPC in aws

@ElastiCourse Жыл бұрын

I don't believe it's possible unless you peer the other vpc to the palo alto vpc and configure the route table accordingly

@quyleanh1900 3 жыл бұрын

now i can implement the policy from port e1/2 (source) to port e1/1 (destination same wan) to let the private ip out to the internet, right?

@ElastiCourse 3 жыл бұрын

Yes you need a policy from Private interface and network to WAN network with NAT enabled to get access to Internet from your private network, you can tune in the policy by order to allow and deny specific traffic patterns or ports based on your needs.

@letrange1 Жыл бұрын

@@ElastiCourse Amazing video. Thanks! One related question to the previous one. NAT is enabled in the VM Series or using the NAT gateway available in AWS? Sorry if the answer is really obvious, but I´d appreciate if you can confirm that.

@ElastiCourse Жыл бұрын

@@letrange1 I used NAT in the firewall, not the NAT gateway.

@hussainqureshi2153 3 жыл бұрын

My interfaces are red even after Commit although i followed the steps properly i am talking about ethernet1/1 & ethernet 2/2 i restarted the instance again & again but same. what could be the possible reason ?

@dhananjay3974 3 жыл бұрын

Hi Hussain, Does it resolved ? I am also facing same issue

@ElastiCourse 3 жыл бұрын

I recall something similar happened as I was making the video. Did you check interface config and see interface enabled and set to DHCP addressing mode?

@joelryan2222 3 жыл бұрын

Does anyone know how to remove the vm series firewall free tier from aws marketplace? The version I subscribed to returns an error that said the instance is deactivated or I do not have permissions.

@ElastiCourse 3 жыл бұрын

What I would do is try to launch an EC2 instance and search for FortiGate on the marketplace, select the image, and if you are not unsubscribed to it, it will automatically subscribe for you.