This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Pre go-live Health checks for auto deployed VMs in AWS

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Pre go-live Health checks for auto deployed VMs in AWS

PA_nts
L3 Networker

‎10-27-2023 07:11 AM

Not sure how to post in the automation section anymore as it now has been moved to read only.

 

Anyways.. need some insight please.

so we recently did a POC to use Terrarorm to autoscale / deploy VMs in AWS cloud. all good and working.

However we need to do a use case for health checks to verify a VM is setup correctly before it goes into production.

question.. can this be done and if so.. what are the processes to use?

in short, when a VM is trigger to deploy, it will auto deploy the VM, auto register to Panorama, pull down config and policies defined in the panorama template stack incl IP addressing(dhcp) routing etc etc.

 

what we are trying to achieve is to do a basic health check on the VM once deployed to verify that the routing table is in place, the Interfaces are UP and has IPs assigned, VM license in place, registered to Panorama, essentially that the VM will work before go live..

this should then be an indicator whether the VM can be placed into production or not.

 

Is this achievable and if so.. any ideas what tools etc.. perhaps API integration or scripts that will initiate out of Terraform to do these?

unless there is a plugin or similar in Panorama that can be utilized perhaps?

 

thanks in adv

0 Likes Likes
2 REPLIES 2

BPry
Cyber Elite
Cyber Elite

‎10-27-2023 09:38 PM

@PA_nts,

Assuming that you won't have a test node behind the VM to actually test everything with prior to it being validated, you can utilize the API to validate preset test criteria to ensure that routing is in place and that basic connectivity through your rulebase and any required NAT will properly match traffic.

 

https://<Firewall>/php/rest/browse.php/op::test

 

 

0 Likes Likes

PA_nts
L3 Networker

‎10-30-2023 06:52 AM

Thanks BPry,

I did the API keygen on our panorama and was able to run some api calls against the panorama which is good..Issue might be for VMs being auto spun up as we need to do a api keygen for each and every new VM  before we can run api calls. so prob will need to run an api call for 'show devices connected' info against panorama, extract IP of new VM devices, then  run an api keygen against these new IPs, extract  the api key, use that then to do the basic checks against the vm.. bit of a process 🙂

 

unless i am missing something?

 

rgds

 

 

 

0 Likes Likes
  • 700 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks