
VM series WebApp sample

steve ulrich edited this page Jun 14, 2016 · 3 revisions

overview

this sample template demonstrates the use of a Palo Alto Networks virtualized firewall appliance in conjunction with a standalone NAT VM for the untrust interface as well as a web server and a DB server, each on separate networks, with the associated User Defined Routes (UDRs) to manage traffic flow.

an admin account with an associated password (or ssh-key) is created to facilitate management of the network elements. subsequent configuration of the VM-series firewall is required in order to establish connectivity for all hosts.

parameters

the following parameters are configurable within the azureDeploy.parameters.json file.

adminUsername

Required: yes
Example: jdoe
Description: username for administrative accounts on all of the hosts within this deployment topology.

"adminUsername": {
    "value": "<UserName for all VMs in this template, cannot be admin or root>"
},

adminPassword

Required: yes
Example: Th!5s4mpl3st1nx
Description: The supplied password must be between 6 and 72 characters long and must satisfy at least 3 of the following password complexity requirements:

  1. Contains an uppercase character
  2. Contains a lowercase character
  3. Contains a numeric digit
  4. Contains a special character

"adminPassword": {
    "value": "<Password for all VMs>"
},

userImageStorageAccountName

Required: yes
Example: jdoevmseries01

"userImageStorageAccountName": {
  "value": "<your storage account name: new/existing>"
},

dnsNameForFwPublicIP

Required: yes
Example: jdoevmseries01-fw-ext

"dnsNameForFwPublicIP": {
  "value": "<Globally unique lowercase name for VM-Series eth0 (MGMT)>"
},

dnsNameForNATPublicIP

Required: yes
Example: jdoevmseries01-nat-ext

"dnsNameForNATPublicIP": {
  "value": "<Globally unique lowercase name for NAT VM>"
},

fwVmName

Required: yes
Example: panw-vfw-71x
Description: this will be the name of the VM-series firewall in the Azure portal, visible in either the resource manager or virtual machines tabs.

"fwVmName": {
  "value": "<Name of VM-Series in Azure portal>"
},

fwVmSize

Required: yes
Example:
Description: Azure VM specification. valid VMs for the VM-series firewall are as follows.

  • Standard_A1
  • Standard_A2
  • Standard_A3
  • Standard_A4
  • Standard_D1
  • Standard_D2
  • Standard_D3
  • Standard_D4

"fwVmSize": {
  "value": "Standard_D3"
},

fromGatewayLogin

Required: yes
Example: 192.0.2.1 or 192.0.2.0/24
Description: IPv4 address or prefix range, in CIDR notation, specifying the source address for access to the management interface of the VM-series firewall.
Note(s):
if you do not want to restrict this access you may use a value of *; however, it is recommended that you restrict access to this interface to known management address ranges.

"fromGatewayLogin": {
  "value": "<Your Source IP for Default NSG>"
},

IPAddressPrefix

Required: yes
Example: 192.168
Description: IPv4 prefix used to specify the address blocks used in the sample topology.
Note(s):
the following value corresponds to the subnets which have been allocated for the sample topology. you may use this value or modify this at your discretion.

"IPAddressPrefix": {
    "value": "192.168"
}
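
A pre-deployment check of the constraints stated above, as an added example (not part of the template or its repository). The function name, the finding strings, the case-insensitive username comparison and the treatment of any non-alphanumeric character as "special" are assumptions.

```python
import ipaddress
import json

# VM sizes the page lists as valid for the VM-series firewall.
VALID_FW_SIZES = {f"Standard_{s}{n}" for s in "AD" for n in range(1, 5)}

# Constructed sample built from the page's example values, with the
# unrestricted "*" management source left in to show the finding.
SAMPLE = json.loads("""{"parameters": {
  "adminUsername": {"value": "jdoe"},
  "adminPassword": {"value": "Th!5s4mpl3st1nx"},
  "dnsNameForFwPublicIP": {"value": "jdoevmseries01-fw-ext"},
  "dnsNameForNATPublicIP": {"value": "jdoevmseries01-nat-ext"},
  "fwVmSize": {"value": "Standard_D3"},
  "fromGatewayLogin": {"value": "*"}
}}""")


def check_parameters(params):
    """Return findings for the 'parameters' object of a parameters file."""
    val = lambda k: str(params.get(k, {}).get("value", ""))
    findings = []
    # Assumption: the admin/root restriction is compared case-insensitively.
    if val("adminUsername").lower() in ("", "admin", "root"):
        findings.append("adminUsername: must be set, cannot be admin or root")
    pw = val("adminPassword")
    classes = [any(c.isupper() for c in pw), any(c.islower() for c in pw),
               any(c.isdigit() for c in pw),
               any(not c.isalnum() for c in pw)]  # assumption: "special"
    if not 6 <= len(pw) <= 72 or sum(classes) < 3:
        findings.append("adminPassword: need 6-72 chars, 3 of 4 classes")
    for key in ("dnsNameForFwPublicIP", "dnsNameForNATPublicIP"):
        if not val(key) or val(key) != val(key).lower():
            findings.append(f"{key}: must be a lowercase name")
    if val("fwVmSize") not in VALID_FW_SIZES:
        findings.append("fwVmSize: not a listed VM-series size")
    src = val("fromGatewayLogin")
    try:
        # strict parsing rejects prefixes with host bits set (192.0.2.1/24)
        if src == "*" or ipaddress.IPv4Network(src).prefixlen == 0:
            findings.append("fromGatewayLogin: management open to any source")
    except ValueError:
        findings.append("fromGatewayLogin: not an IPv4 address or CIDR prefix")
    return findings


if __name__ == "__main__":
    for finding in check_parameters(SAMPLE["parameters"]):
        print(finding)
```

To check a real file, pass `json.load(open("azureDeploy.parameters.json"))["parameters"]` to `check_parameters`; a `0.0.0.0/0` source is reported the same way as `*`.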