Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

How to use Serial Console / EC2 connect in AWS

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to use Serial Console / EC2 connect in AWS

L2 Linker

Hi All ,

 

Workstation(Dynamic Public IP) - > Used to access Panorama mgmt Interface (mgmt interface is allowing only that workstation IP)

 

The management interface of my Panorama is configured to allow only one particular IP . Now since that workstation has got new IP , we cannot connect to the Panorama VM in AWS any more.

 

Is there a possibility to access the Panorama VM (EC2 instance) sing serial console access in AWS ?? 

 

How Palo Alto is providing the Out of band management architecture guidelines to deal with these situations in Public Cloud environment ??

 

Traditionally if any goes wrong to the remote access of the Palo Alto box , we had the previledge to goto Data-center , connect serial cable and resolve . Whats the equivalent of the same in AWS/Azure ??

 

Note - The Ec2 instance type used here is m4.large.

 

@admin , @jperry1  , @

1 accepted solution

Accepted Solutions

L2 Linker

As long as you know the user name and password, EC2 Serial Console works with Panorama.  I just realized that you mention m4 instance type.  Serial console only works with Nitro based instance.  If you are running 9.0 or greater, you can shutdown the instance and convert it to an m5.  Ideally is better to control access to instances with Security Group and NACLs rather than within the PANOS config.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-serial-console.html

 

View solution in original post

4 REPLIES 4

L2 Linker

@jmeurer , @BPry  , @Warby  -- Any pointers . Need urgent help to restore connectivity to management interface.

L2 Linker

As long as you know the user name and password, EC2 Serial Console works with Panorama.  I just realized that you mention m4 instance type.  Serial console only works with Nitro based instance.  If you are running 9.0 or greater, you can shutdown the instance and convert it to an m5.  Ideally is better to control access to instances with Security Group and NACLs rather than within the PANOS config.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-serial-console.html

 

Hi @jmeurer  -- Is it safe to change the instance type to M5 , for serial console . Fix the issue , then again change it back to m4 ??

 

Is there any risk in doing this ?

 

As per AWS doc , it shouldn't be problem -

"Upgrade Or Resize EBS Backed EC2 Instance

If the EC2 instance you want to change has an EBS (Elastic Block Store) root partition, you can simply change or ‘resize’ the instance.  The instance type that you want to resize to must be compatible with the current instance type, otherwise you will need to create a new instance and migrate your apps and data to the new instance (see next section for details on how to do this)."

 

Just wanted to be sure.

It shouldn’t be a problem but I would snapshot it first.  You may also want to consider leaving it an M5, better performance and you should compare the per hour running cost, it could be cheaper.

  • 1 accepted solution
  • 7688 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!