topic ELBv2 Scaling Questions in VM-Series in the Public Cloud https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/elbv2-scaling-questions/m-p/355123#M1022 <P>I am trying to use</P><P>&nbsp;</P><P><A href="https://github.com/PaloAltoNetworks/aws-elb-autoscaling/tree/master/Version-2.0" target="_blank" rel="noopener">https://github.com/PaloAltoNetworks/aws-elb-autoscaling/tree/master/Version-2.0</A> for setting up a PoC.</P><P>&nbsp;</P><P>I went through the docs and was able to get a pair of PANFW running with some changes to the IAM roles required as per the cloud formation templates.</P><P>&nbsp;</P><P>The ALB (ELBv2) is exposed on port 80 on the frontend. But ALB seems to probe the FW instance on port 81 on the backend.</P><P>So for example, public-elb-&lt;id&gt;.us-west-1.elb.amazonaws.com:80 are the load balancer front end.</P><P>firewall_instance_az1:81 and firewall_instance_az1:81 are the load balancer back ends.</P><P>AMI ID: ami-a95b4fc9 (BYOL)</P><P>Based on this deployment I had a few questions,</P><P>&nbsp;</P><P>1. After the deployment, the ALB (ELBv2) Target Group Health Checks fail and I noticed that there is no process opening port 81 on the FW, even after the management interface switch - <A href="https://docs.paloaltonetworks.com/vm-series/7-1/vm-series-deployment/set-up-the-vm-series-firewall-in-aws/management-interface-mapping-for-use-with-amazon-elb" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/vm-series/7-1/vm-series-deployment/set-up-the-vm-series-firewall-in-aws/management-interface-mapping-for-use-with-amazon-elb</A></P><P>2. How do we debug this web ui or web portal for Firewall?</P><P>3. Is that the expected behavior to expose on port 80 on frontend? Is this to simulate a simple scenario with the cfn templates and we need to manually setup certificates on ALB for communication over TLS?</P><P>4. How do we configure multiple authcodes in the bootstrap package, assuming 2 FWs, 1 per AZ?</P><P>&nbsp;</P><P><A href="https://19216801.win/" target="_self"><FONT size="1 2 3 4 5 6 7" color="#FFFFFF">https://19216801.win/</FONT></A> <A href="https://routerlogin.cloud/" target="_self"><FONT size="1 2 3 4 5 6 7" color="#FFFFFF">https://routerlogin.cloud/</FONT></A> <A href="https://192168101.red/" target="_self"><FONT size="1 2 3 4 5 6 7" color="#FFFFFF">https://192168101.red/</FONT></A></P><P>&nbsp;</P><P>Thanks</P> Thu, 08 Oct 2020 12:38:23 GMT josefcasey 2020-10-08T12:38:23Z ELBv2 Scaling Questions https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/elbv2-scaling-questions/m-p/355123#M1022 <P>I am trying to use</P><P>&nbsp;</P><P><A href="https://github.com/PaloAltoNetworks/aws-elb-autoscaling/tree/master/Version-2.0" target="_blank" rel="noopener">https://github.com/PaloAltoNetworks/aws-elb-autoscaling/tree/master/Version-2.0</A> for setting up a PoC.</P><P>&nbsp;</P><P>I went through the docs and was able to get a pair of PANFW running with some changes to the IAM roles required as per the cloud formation templates.</P><P>&nbsp;</P><P>The ALB (ELBv2) is exposed on port 80 on the frontend. But ALB seems to probe the FW instance on port 81 on the backend.</P><P>So for example, public-elb-&lt;id&gt;.us-west-1.elb.amazonaws.com:80 are the load balancer front end.</P><P>firewall_instance_az1:81 and firewall_instance_az1:81 are the load balancer back ends.</P><P>AMI ID: ami-a95b4fc9 (BYOL)</P><P>Based on this deployment I had a few questions,</P><P>&nbsp;</P><P>1. After the deployment, the ALB (ELBv2) Target Group Health Checks fail and I noticed that there is no process opening port 81 on the FW, even after the management interface switch - <A href="https://docs.paloaltonetworks.com/vm-series/7-1/vm-series-deployment/set-up-the-vm-series-firewall-in-aws/management-interface-mapping-for-use-with-amazon-elb" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/vm-series/7-1/vm-series-deployment/set-up-the-vm-series-firewall-in-aws/management-interface-mapping-for-use-with-amazon-elb</A></P><P>2. How do we debug this web ui or web portal for Firewall?</P><P>3. Is that the expected behavior to expose on port 80 on frontend? Is this to simulate a simple scenario with the cfn templates and we need to manually setup certificates on ALB for communication over TLS?</P><P>4. How do we configure multiple authcodes in the bootstrap package, assuming 2 FWs, 1 per AZ?</P><P>&nbsp;</P><P><A href="https://19216801.win/" target="_self"><FONT size="1 2 3 4 5 6 7" color="#FFFFFF">https://19216801.win/</FONT></A> <A href="https://routerlogin.cloud/" target="_self"><FONT size="1 2 3 4 5 6 7" color="#FFFFFF">https://routerlogin.cloud/</FONT></A> <A href="https://192168101.red/" target="_self"><FONT size="1 2 3 4 5 6 7" color="#FFFFFF">https://192168101.red/</FONT></A></P><P>&nbsp;</P><P>Thanks</P> Thu, 08 Oct 2020 12:38:23 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/elbv2-scaling-questions/m-p/355123#M1022 josefcasey 2020-10-08T12:38:23Z