Palo Alto Panorama deployment example
The scope of this code is to deploy one or more vpc networks and subnetworks along with one or more panorama instances in a single project and region in Google Cloud. The example deploys panorama to be used in management only mode (without additional logging disks). For option on how to add additional logging disks - please refer to panorama module documentation
Topology
The topology consists of :
- A VPC network and a subnetwork
- A panorama instance with a Public IP address attached to the created vpc network and subnetwork
- Firewall rules that allow access to the panorama management interface
Prerequisites
Prepare panorama license
Configure the terraform google provider
Build
Access Google Cloud Shell or any other environment which has access to your GCP project
Clone the repository and fill out any modifications to tfvars file (
example.tfvars
- at leastproject
,ssh_keys
andsource_ranges
should be filled in for successful deployment and access to the instance after deployment)
git clone https://github.com/PaloAltoNetworks/terraform-google-swfw-modules
cd terraform-google-swfw-modules/examples/panorama
- Apply the terraform code
terraform init
terraform apply -var-file=example.tfvars
Check the output plan and confirm the apply
Check the successful application and outputs of the resulting infrastructure:
Apply complete! Resources: 8 added, 0 changed, 0 destroyed. (Number of resources can vary based on how many instances you push through tfvars)
Outputs:
panorama_private_ips = {
"panorama-01" = "172.21.21.2"
}
panorama_public_ips = {
"panorama-01" = "x.x.x.x"
}
Post build
Connect to the panorama instance(s) via SSH using your associated private key and set a password :
ssh admin@x.x.x.x -i /PATH/TO/YOUR/KEY/id_rsa
Welcome admin.
admin@Panorama> configure
Entering configuration mode
[edit]
admin@Panorama# set mgt-config users admin password
Enter password :
Confirm password :
[edit]
admin@Panorama# commit
Configuration committed successfully
Check access via web UI
Use a web browser to access https://x.x.x.x and login with admin and your previously configured password
Reference
Requirements
Name | Version |
---|---|
terraform | >= 1.3, < 2.0 |
Providers
No providers.
Modules
Name | Source | Version |
---|---|---|
panorama | ../../modules/panorama | n/a |
vpc | ../../modules/vpc | n/a |
Resources
No resources.
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
name_prefix | A string to prefix resource namings | string | "" | no |
networks | A map containing each network setting. Example of variable deployment : For a full list of available configuration items - please refer to module documentationMultiple keys can be added and will be deployed by the code | any | n/a | yes |
panoramas | A map containing each panorama setting. Example of variable deployment : For a full list of available configuration items - please refer to module documentationMultiple keys can be added and will be deployed by the code | any | n/a | yes |
project | The project name to deploy the infrastructure in to. | string | null | no |
region | The region into which to deploy the infrastructure in to | string | "us-central1" | no |
Outputs
Name | Description |
---|---|
panorama_private_ips | Private IP address of the Panorama instance. |
panorama_public_ips | Public IP address of the Panorama instance. |