Steps for Palo Alto VNF insertion: 

Step 1: Configure VNF and License

Step 2: Configure and Enable VNF at Profile and/or at Edge level

Step 3: Monitor the deployment for the VNF using Monitor events, Edges and Network services.

Detailed Steps: 

• click "Sign in" to the Orchestrator (VCO). In this case the Customer Global Retail logs in as Enterprise Admin
• click "Configure Network Services"
• click scroll down to VNF
• click "New". In this step the name and the type is filled in.
• click Name and the name will be auto typed for this demo. Name used is "PALO ALTO WEST COAST VNF 1"
• click VNF type. from the drop down select the palo alto option. Option=Palo Alto Network Firewall.
• click Panaroma (management station for Palo alto) ip address. This address is the primary server address. secondary address is left blank for this demo. 
• Type in the IP address as 172.16.3.52
• click Panaroma Auth Key and type in as "password"
• click save changes.
• This will create the new Palo Alto VNF.
  
  Next step is to work on entering the licenses.
  
  
• click New under VNF Licenses.
• click name and give a name to the license file. For this demo, name will be prepopulated. Name used is "Palo Alto West Coast Lic VM-50"
• click License type from the drop down as "Palo Alto Network Firewall"
• Now, API key and Auth code are also required. For this demo, These will also be pre-polulated for the end user. 
• click "Auth key". Auth key is also pre-populated for this demo. 
• click  "test" to verify the API key and the code. 
• Once the test result is valid, save the changes.
• click on save changes
  
  Next step is to configure the Profile and do configuration at edge level. 
  
  
• click "configure Profile"
• Use the "west coast profile" for this demo as the edge belongs to this profile. 
• click "west coast profile"
• click "devices" 
• click Vlan-> Edit and enable VNF 
• click the VNF check box
• click update VLAN and save changes for the profile. This step can be performed at the edge level too. 
• click Save changes for the profile. 
• click confirm changes to the profile for the new settings.
• click  configure edges. For this demo, VNF is instantiated for SJC Branch Site. 
• click SJC Branch Site. 
• click devices for the SJC Branch Site
• click Scroll down to Configure VLAN. 
• click VLAN 1 and select VNF insertion
• click VNF insertion
• click Update VLAN
• click Security VNF -> Edit
• click Deploy VNF
• click VLAN. Select VLAN 1
• next Management IP address. This address is auto filled for this demo.
• specify host name
• click host name and is auto populated for this demo "PAL-BRANCH-VNF-1"
• click deployment state as Powered on (insertion enabled)
• click "Security VNF from drop down and select the VNF which was created earlier. in this case "PALO ALTO WEST COAST VNF 1"
• click license and select PALO ALTO WEST COAST LIC VM-50
• Device group name and Template name are auto populated for this demo. 
• click update
• click confirm changes
• click Save changes for the edge device
• click confirm changes for edge device. Changes saved successfully mssg is displayed on top right corner of orchestartor. 
  
  Now the configuration is completed for deploying the Palo Alto firewall as a VNF. Next step is to monitor. 
  
  
• click on events to check for the status.
• click on monitor edges to check for the current status
• click Monitor-> Network Services to check for the status.