- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
06-29-2022 08:47 AM
Hi,
I am trying to deploy NGFW in eu-west-2, but it's failing on the Cloudformation template. Steps below:
1. Subscribe to NGFW via AWS Marketplace (which is global and not per region).
2. Click on the verification email and set up new password. Then login.
3. Go to Add account, and then launch cloudformation termplate.
At this point, the template opens up in us-east-1 region by default, and changing the region to eu-west-2 in AWS console does not change the cloudformation template parameter values (Trusted Account ID, ExternalID and SNS). Deploying the template with these values fails
One thing I want to try is change the region in NGFW Web UI first (In the Rulestack/NGFW section), and then click Add Account to see if it makes a difference. Again, I could not find anything in the docs about this, but I could be looking in the wrong place.
This would be mean I have to un-subscribe, wait for an hour and re-subscribe. While I wait, any suggestions about what I might be missing please?
Thanks,
Shreyas
06-29-2022 02:29 PM
Hello Shreyas,
Could you please run the cloud formation template in us-east-1 by doing which gets onboarded to us-east-1 and then try changing the region and creating resources in eu-west-2 region
Regards,
Likith R
Product Specialist
Palo Alto Networks
live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
06-29-2022 12:23 PM
This is my very first reply to my first private message. Therefore I guess the max limit is zero?
06-29-2022 01:40 PM
Hello @SZanpure LIVEcommunity admin here! I apologize for this issue. We are working with our community vendor right now for this. I will update here as quickly as possible
06-29-2022 02:04 PM
I will post more details here since PM is not working for now.
I have subscribed to NGFW using Marketplace and tried to set the region to eu-west-2 in browser url
After setting my new password, I logged in and set the NGFW region to London in web UI
I then went to Add Account, and clicked Launch Cloudformation template. At this point, it opened a browser tab pointing to us-east-1, and the SNS Topic resource was pointing to us-east-1 as well. If I run the stack like this, it error as per the original post.
I attempted changing the region in AWS console to eu-west-2 at this point, however that did not update CFT parameter values.
Hope this provides a bit more info.
06-29-2022 02:28 PM
Can you try running the template in us-east-1, it doesnt need to run in eu-west-2
06-29-2022 02:29 PM
Hello Shreyas,
Could you please run the cloud formation template in us-east-1 by doing which gets onboarded to us-east-1 and then try changing the region and creating resources in eu-west-2 region
Regards,
Likith R
Product Specialist
Palo Alto Networks
live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
06-29-2022 03:05 PM
06-29-2022 05:16 PM
Hello Shreyas,
Yes it will work If you run the template in us-east-1 and deploy rulestacks and NGFW in eu-west-2 as IAM is global
Regards,
Likith R
Product Specialist
Palo Alto Networks
live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
07-04-2022 01:21 AM
This works now as per the solution discussion above thanks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!