Subscribe to and Prepare Cloud NGFW
This is a multi-section tutorial, with dependencies between each section. Please perform each section in order, per the links on the left-hand sidebar.
Objective
In this next part of the tutorial, the objective is to subscribe to Cloud NGFW in AWS, then prepare it such that ongoing configuration and operation can be performed with Terraform.
Assumptions and Lab Guidance
Please ensure you have read and understood the assumptions and lab guideance at the start of this multi-section tutorial.
Subscribe and initalize Cloud NGFW
The following subscribe and initialize steps are pre-requisite to using Terraform to manage CloudNGFW. Please follow the full documentation found here. A summary of the steps in the documentation is as follows:
- Subscribe to Palo Alto Networks Cloud NGFW in the AWS Marketplace
- Confirm your AWS account has the relevant permissions to proceed
- Create an account in Palo Alto Networks Cloud NGFW
- Link your AWS account to your Palo Alto Networks Cloud NGFW account
- Use the provided CloudFormation Template to give Cloud NGFW the permissions to create and read resources in your AWS account
- Launch your Cloud NGFW in AWS
- Optionally, link your Cloud NGFW to your existing Palo Alto Networks Support Account
Enable programmatic access to Cloud NGFW
With your Cloud NGFW subscription initialized, the final step before being able to use Terraform, is to enable programmatic access to Cloud NGFW, as this is disabled by default.
- Go to https://web.aws.cloudngfw.paloaltonetworks.com/
- Select Tenant under Settings header
- Click the
Programmatic Accessslider button - Confirm you wish to enable this feature