12-16-2019 06:27 AM
Hi,
We are looking to start production in AWS and will be spinning up Hosts that need to have Ingress Traffic to Hosts on a TGW. I am looking to do the PAN AWS Sandwich (Good Idea?) for High Availability. But I need some ideas on how to quickly allocate and build NAT Rules as the operations team spins up new Hosts. I am thinking something could be done with Dynamic Groups in PANs and Tags in AWS, so that when they spin up and tag a new server, somehow the rules/NATs get built in PANs.
Any ideas or feedback on whether the Sandwich is the right way for hosting inbound traffic and how to automate or quickly build NATs would be GREATLY appreciated!
Thanks!
12-16-2019 06:33 AM
You can find the build-out of the LB sandwich with TGW in our reference architecture.
https://www.paloaltonetworks.com/resources/reference-architectures/aws
As far as automation goes, we do have tag monitoring with DAG update capabilities native to the firewall in AWS. That will not solve your NAT Policy question though. Other customers typically build the firewall API calls into their CI/CD pipeline when the back end is built. An example of this flow can be found in our autoscale 2.0/2.1 templates. You can extract the PY code to incorporate it into your DevOps process.
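One way the CI/CD step described in the reply above could turn a newly tagged host into a PAN-OS XML API `set` request for a destination NAT rule. This is an added example, not part of the thread and not code from the autoscale templates; the tag names (`Name`, `nat-service`), the `untrust` zone, `vsys1` and the sample IP addresses are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlencode

# Assumptions (not from the thread): tag names, zone, vsys1, allowed services.
SERVICES = {"service-http": 80, "service-https": 443}
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,25}$")  # conservative allowlist
ZONE = "untrust"
RULEBASE = ("/config/devices/entry[@name='localhost.localdomain']"
            "/vsys/entry[@name='vsys1']/rulebase/nat/rules")


def build_nat_params(tags, backend_ip, frontend_ip):
    """Return XML API parameters for one destination NAT rule.

    Instance tags are written by whoever launches the host, so every value is
    validated before it is placed in the xpath or the XML element.
    """
    name = tags.get("Name", "")
    if not NAME_RE.match(name):
        raise ValueError(f"rejected rule name from tag: {name!r}")
    service = tags.get("nat-service", "")
    if service not in SERVICES:
        raise ValueError(f"service not in allowlist: {service!r}")
    backend = ipaddress.ip_address(backend_ip)    # ValueError if malformed
    frontend = ipaddress.ip_address(frontend_ip)  # firewall-side address
    element = (
        f"<from><member>{ZONE}</member></from>"
        f"<to><member>{ZONE}</member></to>"
        "<source><member>any</member></source>"
        f"<destination><member>{frontend}</member></destination>"
        f"<service>{service}</service>"
        "<destination-translation>"
        f"<translated-address>{backend}</translated-address>"
        f"<translated-port>{SERVICES[service]}</translated-port>"
        "</destination-translation>"
    )
    return {"type": "config", "action": "set",
            "xpath": f"{RULEBASE}/entry[@name='dnat-{name}']",
            "element": element}


def to_post_body(params):
    """Form-encode for a POST to https://<firewall>/api/ (API key sent separately)."""
    return urlencode(params)


if __name__ == "__main__":
    # Constructed sample input, standing in for tags read from a new instance.
    sample = {"Name": "web-01", "nat-service": "service-https"}
    print(to_post_body(build_nat_params(sample, "10.1.1.5", "10.0.0.10")))
```

The request only changes the candidate configuration; a commit is still needed before the rule takes effect.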