Deploy NGFW in eu-west-2

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Deploy NGFW in eu-west-2

L2 Linker

Hi,

 

I am trying to deploy NGFW in eu-west-2, but it's failing on the Cloudformation template. Steps below:

1. Subscribe to NGFW via AWS Marketplace (which is global and not per region).

2. Click on the verification email and set up new password. Then login.

3. Go to Add account, and then launch cloudformation termplate. 

 

At this point, the template opens up in us-east-1 region by default, and changing the region to eu-west-2 in AWS console does not change the cloudformation template parameter values (Trusted Account ID, ExternalID and SNS). Deploying the template with these values fails

SZanpure_0-1656517627360.png

One thing I want to try is change the region in NGFW Web UI first (In the Rulestack/NGFW section), and then click Add Account to see if it makes a difference. Again, I could not find anything in the docs about this, but I could be looking in the wrong place.

This would be mean I have to un-subscribe, wait for an hour and re-subscribe. While I wait, any suggestions about what I might be missing please?

 

Thanks,

Shreyas

1 accepted solution

Accepted Solutions

Hello Shreyas,
 

Could you please run the cloud formation template in us-east-1 by doing which gets onboarded to us-east-1 and then try changing the region and creating resources in eu-west-2 region

Regards,
Likith R
Product Specialist
Palo Alto Networks
live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
 

View solution in original post

8 REPLIES 8

L2 Linker

 

SZanpure_1-1656530548914.png

This is my very first reply to my first private message. Therefore I guess the max limit is zero?

L3 Networker

Hello @SZanpure LIVEcommunity admin here! I apologize for this issue. We are working with our community vendor right now for this. I will update here as quickly as possible

L2 Linker

I will post more details here since PM is not working for now.

I have subscribed to NGFW using Marketplace and tried to set the region to eu-west-2 in browser url 

 

SZanpure_0-1656536322514.png

 

After setting my new password, I logged in and set the NGFW region to London in web UI

SZanpure_1-1656536380929.png

 

I then went to Add Account, and clicked Launch Cloudformation template. At this point, it opened a browser tab pointing to us-east-1, and the SNS Topic resource was pointing to us-east-1 as well. If I run the stack like this, it error as per the original post.

I attempted changing the region in AWS console to eu-west-2 at this point, however that did not update CFT parameter values.

 

SZanpure_2-1656536640462.png

Hope this provides a bit more info.

 

 

 

 

Can you try running the template in us-east-1, it doesnt need to run in eu-west-2

Hello Shreyas,
 

Could you please run the cloud formation template in us-east-1 by doing which gets onboarded to us-east-1 and then try changing the region and creating resources in eu-west-2 region

Regards,
Likith R
Product Specialist
Palo Alto Networks
live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
 

NBS Internal


NBS Internal

Hi Likith,

If I run the template in us-east-1, then the cross-account role will be deployed in us-east-1, whereas the rulestacks and NGFW will be deployed in eu-west-2. Will this work?
Also, I don’t think we have any infra in us-east-1 for our dev and prod accounts, apart from some Cloudfront bits.

Are there any plans to launch Palo trusted accounts in eh-west-2? Meanwhile I will try running the template in us-east-1 and create firewall in eu-west-2

Hello Shreyas,

 

Yes it will work If you run the template in us-east-1 and deploy rulestacks and NGFW in eu-west-2 as IAM is global

 

Regards,
Likith R
Product Specialist
Palo Alto Networks
live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW

L2 Linker

This works now as per the solution discussion above thanks.

  • 1 accepted solution
  • 5047 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!