Auto Scaling GlobalProtect on AWS

A sample prototype for Auto Scaling GlobalProtect on AWS.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/aws/tree/master/globalprotect-asg

Auto Scaling the VM-Series on AWS with Terraform

Terraform Template that deploys an AWS Load Balancer sandwich and the VM-Series firewalls to enable Auto Scaling.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/terraform-templates/tree/master/aws_elb_autoscale

ALB/NLB Load Balancer sandwich for managed scale/high availability

Templates and scripts that deploy an AWS ALB/NLB Load Balancer sandwich and two VM-Series firewalls to deliver managed scale and high availability for inbound applications.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/aws-alb-sandwich

Palo Alto Networks NAT Rule Updater

A process for keeping NAT rule destination IPs in sync with changing Elastic Load Balancer VIPs. A Lambda function is used to retrieve the latest ELB VIPs and updates the NAT destination IP if necessary. The process uses naming conventions and instance tagging for configuration.

Partner Community Supported

https://github.com/Cloudticity/PALO-ALTO-NETWORKS

AWS two-tier sample deployed with Terraform

Terraform template that deploys a two-tier web/DB application on AWS secured by a bootstrapped VM-Series firewall.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/terraform-templates/tree/master/aws_two_tier

AWS two-tier sample deployed with Terraform & Ansible

Deploys a two-tiered web/DB and bootstrapped VM-Series firewall using a Terraform Template. The VM-Series is then configured using Ansible scripts.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/terraform-templates/tree/master/aws_two_tier_no_bootstrap_with_ansible

Transit VPC with the VM-Series on AWS

The AWS Transit VPC is a highly scalable architecture that provides centralized security and connectivity services. Our VM-Series integration with the Transit VPC allows for a fully automated method of securely attaching subscribing (spoke) VPCs to the transit VPC.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/aws-transit-vpc

Transit VPC Manual Build Step-by-Step Guide

Guides user through the process of building a Transit VPC with the VM-Series. Once completed, the user will have built a Hub, and 3 subscribing VPC spokes.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/aws-transit-vpc/blob/master/documentation/Transit_VPC_Manual_Build_Guide.pdf

AWS Transit Gateway – Manual Build

Step by step guide to deploying a Transit Gateway within a Transit VPC with the VM-Series.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/TransitGatewayDeployment/blob/master/Documentation/AWS_Transit_Gateway_ManualBuild.pdf

Terraform Template that deploys a two-tier containerized application on AKS secured by VM-Series

Uses a Terraform template to deploy (2) two-tiered containerized applications (Guestbook app and a WordPress server) within an AKS cluster that is protected by the VM-Series in an Application Gateway/Load Balancer sandwich.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/AKS-k8s-north-south-inspection

Azure-FW-4-Interfaces

Deploys a VM-Series with 4 interfaces into an existing Microsoft Azure environment.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/Azure-FW-4-Interfaces-

Azure-FW-3-Interfaces

Deploys a VM-Series with 3 interfaces (1-MGMT and 2-Dataplane) into an existing Microsoft Azure environment.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/Azure-FW-3-Interfaces-

Multiple Azure interface variations

Several ARM templates for the VM-Series with varying options including multiple interfaces.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/Azure-interface-options

Azure-2-Firewalls-Public-Load-Balancer

Deploys a Public Azure Load Balancer in front of 2 VM-Series firewalls with the following features:

• The 2 firewalls are deployed with 4-8 interfaces. 1 MGMT and 3-7 data plane.
• Static IP addresses are assigned to the interfaces based on the input in the starting ip address fields.

Note: This template deploys into existing VNETs and storage accounts within the same region. As a result, the storage account and VNET must be created before deploying this template.

Palo Alto Networks Community Supported

https://github.com/kytx42/Azure/tree/master/Azure-2FW-Public-LB

Terraform two tier application environment protected by VM-Series

A Terraform Template that deploys two-tiered web/DB application environment secured by a VM-Series firewall.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/terraform-templates/blob/master/azure_two_tier_sample

Load balancer sandwich with the VM-Series

Uses a Terraform template to a load balancer sandwich, web servers and VM-Series firewalls.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/GCP-Terraform-Samples/tree/master/LB-Sandwich

GKE load balancer sandwich with the VM-Series

Uses a Terraform template to a GKE load balancer sandwich and VM-Series firewalls.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/GCP-Terraform-Samples/tree/master/GKE-LB-Sandwich

Two tier application environment protected by VM-Series

Uses a Terraform template to deploy a two-tiered web server/DB application environment protected by a bootstrapped VM-Series firewall.

Palo Alto Networks Community Supported

https://github.com/PaloAltoNetworks/GCP-Terraform-Samples/tree/master/Two-Tier

Device Package for Cisco ACI

Device Package for Cisco ACI that integrates Palo Alto Networks Next-Generation Firewalls and Panorama centralized manager into the Cisco Application Centric Infrastructure for automated deployments of application-based network and security policy.

Palo Alto Networks Palo Alto Networks and Community Supported

https://live.paloaltonetworks.com/t5/Cisco-ACI/ct-p/cisco_aci

VM-Series Heat Orchestration Templates

This is an OpenStack Heat Orchestration Template (HOT) repository to deploy and/or configure Palo Alto Networks VM-Series virtualized next-generation firewall in an OpenStack cloud. In this repository, there are sample templates that should be used as a reference and customized for your network security design.

Palo Alto Networks Palo Alto Networks and Community Supported

https://github.com/PaloAltoNetworks/openstack-templates

Palo Alto Networks Ansible Modules

Ansible collection for easy automation of Palo Alto Networks next generation firewalls and Panorama, in both physical and virtual form factors.

Palo Alto Networks pan.dev Supported

https://github.com/PaloAltoNetworks/pan-os-ansible

Palo Alto Networks PAN-OS Python

The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.

Palo Alto Networks pan.dev Supported

https://github.com/PaloAltoNetworks/pan-os-python

Provider for PAN-OS

Automates various configuration and policy aspects of the Palo Alto Networks physical or virtualized next generation firewalls and Panorama.

Palo Alto Networks pan.dev Supported

https://www.terraform.io/docs/providers/panos/index.html

Palo Alto Networks Repository of Terraform Modules

Palo Alto Networks pan.dev Supported

https://registry.terraform.io/search/modules?namespace=PaloAltoNetworks