Steps for Palo Alto VNF insertion:
Step 1: Configure VNF and License
Step 2: Configure and Enable VNF at Profile and/or at Edge level
Step 3: Monitor the deployment for the VNF using Monitor events, Edges and Network services.
- click "Sign in" to the Orchestrator (VCO). In this case the Customer Global Retail logs in as Enterprise Admin
- click "Configure Network Services"
- click scroll down to VNF
- click "New". In this step the name and the type is filled in.
- click Name and the name will be auto typed for this demo. Name used is "PALO ALTO WEST COAST VNF 1"
- click VNF type. from the drop down select the palo alto option. Option=Palo Alto Network Firewall.
- click Panaroma (management station for Palo alto) ip address. This address is the primary server address. secondary address is left blank for this demo.
- Type in the IP address as 172.16.3.52
- click Panaroma Auth Key and type in as "password"
- click save changes.
- This will create the new Palo Alto VNF.
Next step is to work on entering the licenses.
- click New under VNF Licenses.
- click name and give a name to the license file. For this demo, name will be prepopulated. Name used is "Palo Alto West Coast Lic VM-50"
- click License type from the drop down as "Palo Alto Network Firewall"
- Now, API key and Auth code are also required. For this demo, These will also be pre-polulated for the end user.
- click "Auth key". Auth key is also pre-populated for this demo.
- click "test" to verify the API key and the code.
- Once the test result is valid, save the changes.
- click on save changes
Next step is to configure the Profile and do configuration at edge level.
- click "configure Profile"
- Use the "west coast profile" for this demo as the edge belongs to this profile.
- click "west coast profile"
- click "devices"
- click Vlan-> Edit and enable VNF
- click the VNF check box
- click update VLAN and save changes for the profile. This step can be performed at the edge level too.
- click Save changes for the profile.
- click confirm changes to the profile for the new settings.
- click configure edges. For this demo, VNF is instantiated for SJC Branch Site.
- click SJC Branch Site.
- click devices for the SJC Branch Site
- click Scroll down to Configure VLAN.
- click VLAN 1 and select VNF insertion
- click VNF insertion
- click Update VLAN
- click Security VNF -> Edit
- click Deploy VNF
- click VLAN. Select VLAN 1
- next Management IP address. This address is auto filled for this demo.
- specify host name
- click host name and is auto populated for this demo "PAL-BRANCH-VNF-1"
- click deployment state as Powered on (insertion enabled)
- click "Security VNF from drop down and select the VNF which was created earlier. in this case "PALO ALTO WEST COAST VNF 1"
- click license and select PALO ALTO WEST COAST LIC VM-50
- Device group name and Template name are auto populated for this demo.
- click update
- click confirm changes
- click Save changes for the edge device
- click confirm changes for edge device. Changes saved successfully mssg is displayed on top right corner of orchestartor.
Now the configuration is completed for deploying the Palo Alto firewall as a VNF. Next step is to monitor.
- click on events to check for the status.
- click on monitor edges to check for the current status
- click Monitor-> Network Services to check for the status.
How likely is it that you would recommend this demo to a friend or colleague?
Not at all likely Extremely likely
Thanks, we appreciate your feedback!