A set of Terraform modules for using Palo Alto Networks VM-Series firewalls to provide control and protection to your applications running on Azure Cloud:
Deploys VM-Series as virtual machines
Configures aspects such as virtual networks, subnets, network security groups, storage accounts, service principals, Panorama virtual machine instances, and more
This set of modules requires a Microsoft Azure subscription and access to Terraform.
Github Location: https://github.com/PaloAltoNetworks/terraform-azurerm-vmseries-modules
Github Branch: develop
Terraform Registry: https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/azurerm/latest
Terraform Versions Supported: Compatibility with Terraform is defined individually for each module. In general, expect the earliest compatible Terraform version to be 0.12.29 across most of the modules.
The description below gives an overview of the modules' elements. For detailed information regarding prerequisites and solution usage, please review the module documentation. Using these modules currently requires Microsoft Azure and Terraform.
Professional Services is releasing an integration for deploying and managing Software NGFWs on Microsoft Azure with HashiCorp Terraform. Terraform is a popular open source tool for automating the creation of cloud infrastructure across public cloud providers. With this release, Palo Alto Networks' customers can manage their security infrastructure using the same technology they use to manage the rest of their cloud infrastructure.
Growth Towards The Cloud
Modern virtualized and cloud infrastructures bear little resemblance to traditional data centers designed for predictable levels of computing, storage, and networking resources. Cloud requirements change rapidly, sometimes by the hour. Further, 94% of organizations use more than one cloud platform. The industry has rallied around HashiCorp Terraform for safe and predictable multi-cloud infrastructure automation.
VM-Series customers can now automate the deployment of their security infrastructure as they scale their Azure cloud infrastructure. The open source Azure Terraform modules provide easy integration into customers' existing DevOps processes. There is no new technology to adopt or buy. This production-quality software has been used to deliver cloud projects with dozens of VM-Series customers.
How It Works
A set of modules for using Palo Alto Networks VM-Series firewalls to provide control and protection to your applications running on Azure Cloud. It deploys VM-Series as virtual machines and configures aspects such as virtual networks, subnets, network security groups, storage accounts, service principals, Panorama virtual machine instances, and more.
This solution is a tool that allows you to enable additional threat logging on multiple firewalls, either directly or through Panorama:
Enable the firewall to generate Threat logs for a teardrop attack and a DoS attack using ping of death
Generate Threat logs for the types of packets listed above if you enable the corresponding packet-based attack protection
This solution requires the pan-os-python package and access to the NGFW or Panorama.
Github Location: https://github.com/PaloAltoNetworks/panos-set-additional-threat-log
Github Branches: main
PAN-OS Versions Supported: 8.1.2+
The description below gives an overview of the solution elements. For detailed information regarding prerequisites and solution usage, please review the PAN-OS Set Additional Threat Log documentation.
Using the solution currently requires Python and a command line.
Clone the repository
Open the repository in a terminal or a Python IDE
Install packages necessary to run code:
pip install pan-os-python
Identify Device Setup
Determine the NGFW and Panorama setup of interest and collect the relevant identifiers for those devices. There are five options for how to connect to the devices and run the solution against them:
panorama_all: Run on all devices connected to Panorama
firewall_list: Run directly against a list of firewalls given by FQDN or IP
panorama_list: Run through Panorama against a list of firewalls given by Serial, Name, or Management IP
firewall_file: Run directly against a list of firewalls read from a file
panorama_file: Run through Panorama against a list of firewalls read from a file
Build and Run Command
Based on the device setup chosen above, build the command to execute the solution as defined in the documentation.
The following command can optionally be run on the NGFW CLI to verify that the setting has been enabled:
firewall> show system state filter cfg.general.additional-threat-log