Queries regarding the Azure Bootstrap Package

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Queries regarding the Azure Bootstrap Package

L2 Linker

Dear and valuable Live Community Members,

 

One of our customers came to us with some questions about Azure Bootstrap Package, but I couldn't find the requested information for that.

We've checked the article where the steps to create new firewalls in Azure are explained (https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/bootstrap-the-vm-series-firewal...), but there are still some open points we need to address. And we would like to check if maybe someone here has some more experience on this and could help to answer the below questions:

 

  1. Is the Bootstrap packet only needed for the first boot or as well for later boots (e.g., during software updates?)
  2. In cases of virtual machine scale sets, does every new machine need to boot from the bootstrap directory?
  3. We are using subfolders (possible since version 10.*.) for different device groups. How does the link between a booting VM and the subdirectory work, how can we configure specific machines to use a specific subdirectory?

 

*And in case it's needed the PAN-OS in use is 10.0.4

 

We will appreciate your help and guidance with the above queries. And please let me know if that'S something we should be asking the TAC.

 

Thank you in advance!

Cheers!

 

2 REPLIES 2

L1 Bithead
  1. Is the Bootstrap packet only needed for the first boot or as well for later boots (e.g., during software updates?)

It's only need to for the first boot of the FW (Creation). For software Update you have 2 options : 

- do the update from panorama (I would not recommends that)

- Change the Marketplace image version of the Scale set and reimage your vm, so your firewall will bootstrap again and you will have a fresh instance (you can also add new instance and delete the old one)

 

  1. In cases of virtual machine scale sets, does every new machine need to boot from the bootstrap directory?

Yes Instances are independent, so any new instance will bootstrap  from the storage account

 

  1. We are using subfolders (possible since version 10.*.) for different device groups. How does the link between a booting VM and the subdirectory work, how can we configure specific machines to use a specific subdirectory?

Subdirectory is an input n the custom data (Azure), personally I'm using different storage account 

L2 Linker

We've involved the PA Team to advise on this and below are the answer supplied by TAC to the queries:

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1. Is the Bootstrap packet only needed for the first boot or as well for later boots (e.g., during software updates?)
>> If you are going to reboot the device later, you can do it unusually with a software upgrade or content. Hence bootstrap package is not required for later boot.

2. In cases of virtual machine scale sets, does every new machine need to boot from the bootstrap directory?
>> Yes, All the firewalls in the scaling will boot from the bootstrap directory.

3. The customer is using subfolders (possible since version 10.*.) for different device groups.
How does the link between a booting VM and the subdirectory work,?
And how can we configure specific machines to use a specific subdirectory?
>> In the user data you can provide a subdirectory path to boot the device.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


As per the documentation: Bootstrap the VM-Series Firewall on AWS:
https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/bootstrap-the-vm-series-firewal...

  • 1496 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!