VM series Simple parameters - PaloAltoNetworks/azure GitHub Wiki

overview

This sample template demonstrates the use of a Palo Alto Networks virtualized firewall appliance in conjunction with a standalone NAT VM for the untrust interface, as well as a web server and a DB server, each on a separate network, with the associated User Defined Routes (UDRs) to manage traffic flow.

An admin account with an associated password (or ssh-key) is created to facilitate management of the network elements. Subsequent configuration of the VM-series firewall is required in order to establish connectivity for all hosts. The firewall will be accessible via the management interface.

parameters

The following parameters are set in the azureDeploy.parameters.json file.

adminUsername

Required: yes
Example: jdoe
Description: username for administrative accounts on all of the hosts within this deployment topology.

"adminUsername": {
    "value": "<UserName for all VMs in this template, cannot be admin or root>"
},

adminPassword

Required: yes, if not using ssh-key
Example: Th!5s4mpl3st1nx
Description: The supplied password must be between 6-72 characters long and must satisfy at least 3 of the following password complexity requirements:

  1. Contains an uppercase character
  2. Contains a lowercase character
  3. Contains a numeric digit
  4. Contains a special character

"adminPassword": {
    "value": "<Password for all VMs>"
},

sshKey

Required: yes, if using ssh public-key authentication
Example: see below
Description:

This parameter should be used in conjunction with the associated ssh key template(s). The GEN-SSH-PUB-KEY placeholder in the template is for testing with the Azure Travis CI system. If you are using ssh public key authentication for the VMs in this template, you will need to generate a key pair and insert the public key contents here.

additional info can be found at the following location:

"sshKey": {
  "value": "ssh-rsa examplezaC1yc2EAAAADAQABAAABAQCt0Tnp9jYk1zwLMn7XAgz5k4+2tag3aOA5YKkyxEDxhEjsGuZG/0jh+vln2pWG4pkyPyrS+zp4EtYUeKfe1NmBUN3JaifYKFPpcp8m4zk24NKop5e88Oh6KeWjhSX/r5D/kpR1EZawymqRO0Uk5k+v4KL5r0f3Q/05lFFTcobWdl7zXld1gmyNl/1O7dgRwhATHUxTYMuSIoExA6dMueXX7doWDG/NoxOyF5dzjUUoI4PX4eLIlwHKCqy48wLVdsEA18w9oix4OXldRFCZ7DB3nnuZZmrCWmuMedXjw5Eg6CjrWYPwYmWvnF67ojhqXN3IecuQ7meFrOMe/exampleRR jdoe@hostname"
},

newStorageAccountName

Required: yes
Example: jdoevmseries01

"newStorageAccountName": {
  "value": "<your storage account name: new/existing>"
},

existingStorageAccountRG

Required: yes
Example: TODO

"existingStorageAccountRG": {
  "value": "<your storage account name: new/existing>"
},

dnsNameForPublicIP

Required: yes
Example: jdoevmseries01-fw-ext

"dnsNameForPublicIP": {
  "value": "<Globally unique lowercase name for VM-Series eth0 (MGMT)>"
},

vmName

Required: yes
Example: panw-vfw-71x
Description: The name of the VM-series firewall in the Azure portal, visible in either the resource manager or virtual machines tabs.

"vmName": {
  "value": "<Name of VM-Series in Azure portal>"
},

vmSize

Required: yes
Example:
Description: Azure VM specification. Valid VM sizes for the VM-series firewall are as follows.

  • Standard_D3
  • Standard_D4

"vmSize": {
  "value": "Standard_D3"
},

srcIPInboundNSG

Required: yes
Example: 192.0.2.1 or 192.0.2.0/24
Description: IPv4 address or prefix range, in CIDR notation, allowed as the source address for access to the management interface of the VM-series firewall.
Note(s):
If you do not want to restrict this access you may use a value of * (any source address). However, it is recommended that you restrict access to this interface to known management address ranges.

"srcIPInboundNSG": {
  "value": "<Your Source IP for Default NSG>"
},
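
A pre-deployment check for the security-relevant parameters described above, as an added example (not part of the original wiki or the template repository). It assumes the values sit under a top-level "parameters" object, that "special character" means ASCII punctuation, and that a filled-in sshKey makes the password optional; the sample input is constructed.

```python
import ipaddress
import json
import string

# Constructed sample in the shape of the snippets above (not a real deployment).
SAMPLE = """{"parameters": {
  "adminUsername":   {"value": "root"},
  "adminPassword":   {"value": "password"},
  "srcIPInboundNSG": {"value": "*"}
}}"""

def password_ok(pw):
    """6-72 characters and at least 3 of the 4 character classes listed above."""
    classes = [
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),  # assumption: ASCII punctuation
    ]
    return 6 <= len(pw) <= 72 and sum(classes) >= 3

def lint(text):
    """Return a list of findings for a parameters file given as JSON text."""
    doc = json.loads(text)
    params = doc.get("parameters", doc)  # assumption: accept wrapped or flat layout
    val = lambda name: params.get(name, {}).get("value", "")
    findings = []
    if val("adminUsername").lower() in ("", "admin", "root"):
        findings.append("adminUsername: empty, admin or root")
    key = val("sshKey")
    if "GEN-SSH-PUB-KEY" in key:
        findings.append("sshKey: still the GEN-SSH-PUB-KEY test placeholder")
    elif not key and not password_ok(val("adminPassword")):
        findings.append("adminPassword: fails the length/complexity rule")
    src = val("srcIPInboundNSG")
    if src == "*":
        findings.append("srcIPInboundNSG: * allows any source to reach management")
    else:
        try:
            ipaddress.IPv4Network(src)  # strict: rejects prefixes with host bits set
        except ValueError:
            findings.append("srcIPInboundNSG: not an IPv4 address or CIDR prefix")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

An empty list from `lint` means none of these checks fired; it does not validate the remaining parameters.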