feat(examples): Add sample configuration for SCM #44

12 changes: 10 additions & 2 deletions examples/multi_nic_common/README.md
Expand Up @@ -29,6 +29,14 @@ The following steps should be followed before deploying the Terraform code prese
1. Prepare [VM-Series licenses](https://support.paloaltonetworks.com/)
2. Configure the terraform [google provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication-configuration)

## Bootstrap

With default settings, firewall instances will get the initial configuration from generated `init-cfg.txt` and `bootstrap.xml` files placed in Cloud Storage.

The `example.tfvars` file also contains commented out sample settings that can be used to register the firewalls to either Panorama or Strata Cloud Manager (SCM) and complete the configuration. To enable this, uncomment one of the sections and adjust `vmseries_common.bootstrap_options` and `vmseries.<fw-name>.bootstrap_options` parameters accordingly.

> SCM bootstrap is supported on PAN-OS version 11.0 and above.

## Usage

1. Access Google Cloud Shell or any other environment that has access to your GCP project
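Review bot: The new Bootstrap section tells users to uncomment the Panorama or SCM settings but never says that the values `example.tfvars` gains in this PR (`vm-auth-key`, `vm-series-auto-registration-pin-value`, `authcode`) are credentials. Since the first paragraph states that the initial configuration is delivered through generated `init-cfg.txt` and `bootstrap.xml` files placed in Cloud Storage, add a sentence on where real values should come from (not a committed `example.tfvars`) and on who can read that bucket. "commented out sample settings" would also read better as "commented-out sample settings"; the same paragraph is repeated in the other example READMEs in this PR.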
Expand Down Expand Up @@ -59,10 +67,10 @@ terraform apply

4. Check the output plan and confirm the apply.

5. Check the successful application and outputs of the resulting infrastructure:
5. Check the successful application and outputs of the resulting infrastructure (number of resources can vary based on how many instances are defined in tfvars):

```
Apply complete! Resources: 77 added, 0 changed, 0 destroyed. (Number of resources can vary based on how many instances you push through tfvars)
Apply complete! Resources: 77 added, 0 changed, 0 destroyed.

Outputs:

28 changes: 22 additions & 6 deletions examples/multi_nic_common/example.tfvars
Expand Up @@ -176,8 +176,24 @@ vmseries_common = {
min_cpu_platform = "Intel Cascade Lake"
service_account_key = "sa-vmseries-01"
bootstrap_options = {
# TODO: Modify the values below as per deployment requirements
type = "dhcp-client"
mgmt-interface-swap = "enable"

## Panorama based bootstrap.
# panorama-server = "1.1.1.1"
# panorama-server-2 = "2.2.2.2"
# tplname = "example-template"
# dgname = "example-device-group"
# vm-auth-key = "example-123456789"

## SCM based bootstrap.
# panorama-server = "cloud"
# dgname = "example-scm-folder"
# vm-series-auto-registration-pin-id = "example-pin-id"
# vm-series-auto-registration-pin-value = "example-pin-value"
# authcode = "D123456"
# plugin-op-commands = "advance-routing:enable"
}
}

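Review bot: In this `vmseries_common.bootstrap_options` block the Panorama and SCM samples both define `panorama-server` and `dgname`, and neither `##` heading says the two blocks are alternatives. Say so in the comments, for example "uncomment only one of the two blocks below", so that nobody enables both and ends up with conflicting keys. The `# TODO: Modify the values below` line would also be clearer placed directly above the samples, since it currently sits above `type` and `mgmt-interface-swap`.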
Expand All @@ -195,9 +211,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
spoke1_gcp_router_ip = "10.10.12.1"
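Review bot: With `panorama-server` dropped from this per-firewall `bootstrap_options`, the map holds only `dns-primary` and `dns-secondary`, yet the README text added in this PR tells users to adjust `vmseries.<fw-name>.bootstrap_options` for Panorama or SCM registration. Add a commented sample here, or state in the README which registration keys are expected per firewall and which belong in `vmseries_common`. The same applies to the second firewall entry changed further down this file.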
Expand Down Expand Up @@ -256,9 +272,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
spoke1_gcp_router_ip = "10.10.12.1"
Expand Up @@ -5,7 +5,13 @@ show_in_hub: false

A Terraform module example for deploying a VM-Series NGFW in GCP using the [metadata](https://docs.paloaltonetworks.com/vm-series/10-2/vm-series-deployment/bootstrap-the-vm-series-firewall/choose-a-bootstrap-method#idf6412176-e973-488e-9d7a-c568fe1e33a9) bootstrap method.

This example can be used to familarize oneself with both the VM-Series NGFW and Terraform - it creates a single instance of virtualized firewall in a Security VPC with a management-only interface and lacks any traffic inspection.
This example can be used to familarize oneself with both the VM-Series NGFW and Terraform - by default the deployment creates a single instance of virtualized firewall in a Security VPC with a management-only interface and lacks any traffic inspection.

## Bootstrap

By default, only basic bootstrap parameters are enabled. The example also provides sample settings that can be used to register the firewall to either Panorama or Strata Cloud Manager (SCM) and complete the configuration. To enable this, uncomment one of the sections in `bootstrap_options` parameter.

> SCM bootstrap is supported on PAN-OS version 11.0 and above.

## Reference
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
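Review bot: The rewritten introduction sentence still carries the misspelling "familarize"; since the line is being changed anyway, correct it to "familiarize". In the new Bootstrap paragraph, "in `bootstrap_options` parameter" is missing an article ("in the `bootstrap_options` parameter").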
Expand Up @@ -45,9 +45,29 @@ vmseries = {
"https://www.googleapis.com/auth/monitoring.write",
]
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
type = "dhcp-client"
dhcp-accept-server-hostname = "yes"
dhcp-accept-server-domain = "yes"
dhcp-send-hostname = "yes"
dhcp-send-client-id = "yes"
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"

## Panorama based bootstrap.
# panorama-server = "1.1.1.1"
# panorama-server-2 = "2.2.2.2"
# tplname = "example-template"
# dgname = "example-device-group"
# vm-auth-key = "example-123456789"

## SCM based bootstrap.
# panorama-server = "cloud"
# dgname = "example-scm-folder"
# vm-series-auto-registration-pin-id = "example-pin-id"
# vm-series-auto-registration-pin-value = "example-pin-value"
# authcode = "D123456"
# plugin-op-commands = "advance-routing:enable"
}
named_ports = [
{
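Review bot: Besides the commented samples, this hunk changes the live defaults of `bootstrap_options`: `panorama-server = "1.1.1.1"` is removed and `type = "dhcp-client"` plus four `dhcp-*` options are now set to "yes". That goes beyond what the PR title describes, so call it out in the PR description or next to the README's "only basic bootstrap parameters are enabled" sentence, and confirm that `dhcp-accept-server-hostname` and `dhcp-accept-server-domain` set to "yes" are the intended defaults for the example.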
12 changes: 10 additions & 2 deletions examples/vmseries_ha/README.md
Expand Up @@ -55,6 +55,14 @@ The following steps should be followed before deploying the Terraform code prese
1. Prepare [VM-Series licenses](https://support.paloaltonetworks.com/)
2. Configure the terraform [google provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication-configuration)

## Bootstrap

With default settings, firewall instances will get the initial configuration from generated `init-cfg.txt` and `bootstrap.xml` files placed in Cloud Storage.

The `example.tfvars` file also contains commented out sample settings that can be used to register the firewalls to either Panorama or Strata Cloud Manager (SCM) and complete the configuration. To enable this, uncomment one of the sections and adjust `vmseries_common.bootstrap_options` and `vmseries.<fw-name>.bootstrap_options` parameters accordingly.

> SCM bootstrap is supported on PAN-OS version 11.0 and above.

## Usage

1. Access Google Cloud Shell or any other environment that has access to your GCP project
Expand Down Expand Up @@ -85,10 +93,10 @@ terraform apply

4. Check the output plan and confirm the apply.

5. Check the successful application and outputs of the resulting infrastructure:
5. Check the successful application and outputs of the resulting infrastructure (number of resources can vary based on how many instances are defined in tfvars):

```
Apply complete! Resources: 96 added, 0 changed, 0 destroyed. (Number of resources can vary based on how many instances you push through tfvars)
Apply complete! Resources: 96 added, 0 changed, 0 destroyed.

Outputs:

28 changes: 22 additions & 6 deletions examples/vmseries_ha/example.tfvars
Expand Up @@ -239,8 +239,24 @@ vmseries_common = {
min_cpu_platform = "Intel Cascade Lake"
service_account_key = "sa-vmseries-01"
bootstrap_options = {
# TODO: Modify the values below as per deployment requirements
type = "dhcp-client"
mgmt-interface-swap = "enable"

## Panorama based bootstrap.
# panorama-server = "1.1.1.1"
# panorama-server-2 = "2.2.2.2"
# tplname = "example-template"
# dgname = "example-device-group"
# vm-auth-key = "example-123456789"

## SCM based bootstrap.
# panorama-server = "cloud"
# dgname = "example-scm-folder"
# vm-series-auto-registration-pin-id = "example-pin-id"
# vm-series-auto-registration-pin-value = "example-pin-value"
# authcode = "D123456"
# plugin-op-commands = "advance-routing:enable"
}
}

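Review bot: In the SCM sample, `authcode = "D123456"` is the only secret-like value not marked as a placeholder; the others carry an `example-` prefix (`example-pin-id`, `example-pin-value`, `example-123456789`). Use something like `example-authcode` so it cannot be mistaken for a usable code, here and in the identical blocks of the other examples.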
Expand All @@ -258,9 +274,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
trust_gcp_router_ip = "10.10.12.1"
Expand Down Expand Up @@ -321,9 +337,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
trust_gcp_router_ip = "10.10.12.1"
12 changes: 10 additions & 2 deletions examples/vpc_peering_common/README.md
Expand Up @@ -53,6 +53,14 @@ The following steps should be followed before deploying the Terraform code prese
1. Prepare [VM-Series licenses](https://support.paloaltonetworks.com/)
2. Configure the terraform [google provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication-configuration)

## Bootstrap

With default settings, firewall instances will get the initial configuration from generated `init-cfg.txt` and `bootstrap.xml` files placed in Cloud Storage.

The `example.tfvars` file also contains commented out sample settings that can be used to register the firewalls to either Panorama or Strata Cloud Manager (SCM) and complete the configuration. To enable this, uncomment one of the sections and adjust `vmseries_common.bootstrap_options` and `vmseries.<fw-name>.bootstrap_options` parameters accordingly.

> SCM bootstrap is supported on PAN-OS version 11.0 and above.

## Usage

1. Access Google Cloud Shell or any other environment that has access to your GCP project
Expand Down Expand Up @@ -83,10 +91,10 @@ terraform apply

4. Check the output plan and confirm the apply.

5. Check the successful application and outputs of the resulting infrastructure:
5. Check the successful application and outputs of the resulting infrastructure (number of resources can vary based on how many instances are defined in tfvars):

```
Apply complete! Resources: 96 added, 0 changed, 0 destroyed. (Number of resources can vary based on how many instances you push through tfvars)
Apply complete! Resources: 96 added, 0 changed, 0 destroyed.

Outputs:

28 changes: 22 additions & 6 deletions examples/vpc_peering_common/example.tfvars
Expand Up @@ -215,8 +215,24 @@ vmseries_common = {
min_cpu_platform = "Intel Cascade Lake"
service_account_key = "sa-vmseries-01"
bootstrap_options = {
# TODO: Modify the values below as per deployment requirements
type = "dhcp-client"
mgmt-interface-swap = "enable"

## Panorama based bootstrap.
# panorama-server = "1.1.1.1"
# panorama-server-2 = "2.2.2.2"
# tplname = "example-template"
# dgname = "example-device-group"
# vm-auth-key = "example-123456789"

## SCM based bootstrap.
# panorama-server = "cloud"
# dgname = "example-scm-folder"
# vm-series-auto-registration-pin-id = "example-pin-id"
# vm-series-auto-registration-pin-value = "example-pin-value"
# authcode = "D123456"
# plugin-op-commands = "advance-routing:enable"
}
}

Expand All @@ -234,9 +250,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
trust_gcp_router_ip = "10.10.12.1"
Expand Down Expand Up @@ -288,9 +304,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
trust_gcp_router_ip = "10.10.12.1"
8 changes: 8 additions & 0 deletions examples/vpc_peering_common_dual_stack/README.md
Expand Up @@ -77,6 +77,14 @@ The following steps should be followed before deploying the Terraform code prese
2. Configure the Terraform [google provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication-configuration)
3. Install `gcloud` beta components: `gcloud components install beta`

## Bootstrap

With default settings, firewall instances will get the initial configuration from generated `init-cfg.txt` and `bootstrap.xml` files placed in Cloud Storage.

The `example.tfvars` file also contains commented out sample settings that can be used to register the firewalls to either Panorama or Strata Cloud Manager (SCM) and complete the configuration. To enable this, uncomment one of the sections and adjust `vmseries_common.bootstrap_options` and `vmseries.<fw-name>.bootstrap_options` parameters accordingly.

> SCM bootstrap is supported on PAN-OS version 11.0 and above.

## Usage

1. Access Google Cloud Shell or any other environment that has access to your GCP project
28 changes: 22 additions & 6 deletions examples/vpc_peering_common_dual_stack/example.tfvars
Expand Up @@ -276,8 +276,24 @@ vmseries_common = {
min_cpu_platform = "Intel Cascade Lake"
service_account_key = "sa-vmseries-01"
bootstrap_options = {
# TODO: Modify the values below as per deployment requirements
type = "dhcp-client"
mgmt-interface-swap = "enable"

## Panorama based bootstrap.
# panorama-server = "1.1.1.1"
# panorama-server-2 = "2.2.2.2"
# tplname = "example-template"
# dgname = "example-device-group"
# vm-auth-key = "example-123456789"

## SCM based bootstrap.
# panorama-server = "cloud"
# dgname = "example-scm-folder"
# vm-series-auto-registration-pin-id = "example-pin-id"
# vm-series-auto-registration-pin-value = "example-pin-value"
# authcode = "D123456"
# plugin-op-commands = "advance-routing:enable"
}
}

Expand All @@ -295,9 +311,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
trust_gcp_router_ip = "10.10.12.1"
Expand Down Expand Up @@ -354,9 +370,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
trust_gcp_router_ip = "10.10.12.1"
8 changes: 8 additions & 0 deletions examples/vpc_peering_common_with_autoscale/README.md
Expand Up @@ -42,6 +42,14 @@ The following steps should be followed before deploying the Terraform code prese
1. Prepare [VM-Series licenses](https://support.paloaltonetworks.com/)
2. Configure the terraform [google provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication-configuration)

## Bootstrap

With default settings, firewall instances will get the initial configuration from generated `init-cfg.txt` and `bootstrap.xml` files placed in Cloud Storage.

The `example.tfvars` file also contains commented out sample settings that can be used to register the firewalls to either Panorama or Strata Cloud Manager (SCM) and complete the configuration. To enable this, uncomment one of the sections and adjust `vmseries_common.bootstrap_options` and `vmseries.<fw-name>.bootstrap_options` parameters accordingly.

> SCM bootstrap is supported on PAN-OS version 11.0 and above.

## Usage

1. Access Google Cloud Shell or any other environment that has access to your GCP project
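Review bot: This paragraph was copied from the other examples and points at `vmseries_common.bootstrap_options` and `vmseries.<fw-name>.bootstrap_options`, but the `example.tfvars` hunk for this example shows its `bootstrap_options` under `autoscale = {`. Name the parameter this example actually uses. The paragraph also calls the registration settings "commented out", while the tfvars change for this example leaves the Panorama keys active.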
17 changes: 16 additions & 1 deletion examples/vpc_peering_common_with_autoscale/example.tfvars
Expand Up @@ -248,14 +248,29 @@ autoscale = {
}
}
bootstrap_options = {
# TODO: Modify the values below as per deployment requirements
type = "dhcp-client"
dhcp-send-hostname = "yes"
dhcp-send-client-id = "yes"
dhcp-accept-server-hostname = "yes"
dhcp-accept-server-domain = "yes"
mgmt-interface-swap = "enable"
panorama-server = "1.1.1.1"
ssh-keys = "admin:<your_ssh_key>" # Replace this value with client data

# Panorama based bootstrap.
panorama-server = "1.1.1.1"
panorama-server-2 = "2.2.2.2"
tplname = "example-template"
dgname = "example-device-group"
vm-auth-key = "example-123456789"

## SCM based bootstrap.
# panorama-server = "cloud"
# dgname = "example-scm-folder"
# vm-series-auto-registration-pin-id = "example-pin-id"
# vm-series-auto-registration-pin-value = "example-pin-value"
# authcode = "D123456"
# plugin-op-commands = "advance-routing:enable"
}
network_interfaces = [
{
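Review bot: Unlike the other examples in this PR, the Panorama block here is active: `panorama-server = "1.1.1.1"`, `panorama-server-2`, `tplname`, `dgname` and `vm-auth-key = "example-123456789"` are uncommented, and the heading uses a single `#` where the SCM one uses `##`. Applied as-is, the autoscaled firewalls are configured with placeholder registration values and a public IP address as the Panorama server. Either comment the block out like the SCM one, or mark each value as a required replacement the way the `ssh-keys` line is.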