feat(examples): Add sample configuration for SCM
michalbil committed Oct 2, 2024
1 parent 56aa606 commit 46ade41
Showing 16 changed files with 238 additions and 46 deletions.
12 changes: 10 additions & 2 deletions examples/multi_nic_common/README.md
Expand Up @@ -29,6 +29,14 @@ The following steps should be followed before deploying the Terraform code prese
1. Prepare [VM-Series licenses](https://support.paloaltonetworks.com/)
2. Configure the terraform [google provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication-configuration)

## Bootstrap

With default settings, firewall instances will get the initial configuration from generated `init-cfg.txt` and `bootstrap.xml` files placed in Cloud Storage.

The `example.tfvars` file also contains commented out sample settings that can be used to register the firewalls to either Panorama or Strata Cloud Manager (SCM) and complete the configuration. To enable this, uncomment one of the sections and adjust `vmseries_common.bootstrap_options` and `vmseries.<fw-name>.bootstrap_options` parameters accordingly.

> SCM bootstrap is supported on PAN-OS version 11.0 and above.
## Usage

1. Access Google Cloud Shell or any other environment that has access to your GCP project
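Review bot: the blockquote `> SCM bootstrap is supported on PAN-OS version 11.0 and above.` runs straight into `## Usage` with no blank line between them; add one so the note renders as its own block and markdown linters do not flag the heading. The SCM section this paragraph points readers to (in `example.tfvars`) carries an `authcode` and a `vm-series-auto-registration-pin-value`, both of which become credentials once real values are filled in; one sentence here saying that a populated tfvars file must be kept out of version control would spare users from committing them.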
Expand Down Expand Up @@ -59,10 +67,10 @@ terraform apply

4. Check the output plan and confirm the apply.

5. Check the successful application and outputs of the resulting infrastructure:
5. Check the successful application and outputs of the resulting infrastructure (number of resources can vary based on how many instances are defined in tfvars):

```
Apply complete! Resources: 77 added, 0 changed, 0 destroyed. (Number of resources can vary based on how many instances you push through tfvars)
Apply complete! Resources: 77 added, 0 changed, 0 destroyed.
Outputs:
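Review bot: minor wording in step 5: `(number of resources can vary based on how many instances are defined in tfvars)` reads better as `(the number of resources varies with how many instances are defined in tfvars)`. Moving that remark out of the fenced block is the right call, since the old version mixed commentary into what is otherwise verbatim terraform output.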
28 changes: 22 additions & 6 deletions examples/multi_nic_common/example.tfvars
Expand Up @@ -176,8 +176,24 @@ vmseries_common = {
min_cpu_platform = "Intel Cascade Lake"
service_account_key = "sa-vmseries-01"
bootstrap_options = {
# TODO: Modify the values below as per deployment requirements
type = "dhcp-client"
mgmt-interface-swap = "enable"

# Panorama based bootstrap.
# panorama-server = "1.1.1.1"
# panorama-server-2 = "2.2.2.2"
# tplname = "example-template"
# dgname = "example-device-group"
# vm-auth-key = "example-123456789"

# SCM based bootstrap.
# panorama-server = "cloud"
# dgname = "example-scm-folder"
# vm-series-auto-registration-pin-id = "example-pin-id"
# vm-series-auto-registration-pin-value = "example-pin-value"
# authcode = "D123456"
# plugin-op-commands = "advance-routing:enable"
}
}

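Review bot: both commented-out sections define `panorama-server` and `dgname`, so a user who uncomments the Panorama block and then also the SCM block ends up with the same key twice in one object literal, which Terraform rejects as a duplicate object key; a line such as `# Uncomment only one of the two sections below.` above `# Panorama based bootstrap.` would make the either/or explicit. The SCM block also carries `authcode = "D123456"` and `vm-series-auto-registration-pin-value = "example-pin-value"`, which are secrets once real values replace the placeholders; consider a comment that the populated file must not be committed, or pointing users at a variable marked `sensitive`.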
Expand All @@ -195,9 +211,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
spoke1_gcp_router_ip = "10.10.12.1"
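Review bot: with `panorama-server = "1.1.1.1"` dropped from this instance, the Panorama and SCM keys for it now come only from the commented-out block in `vmseries_common.bootstrap_options`. That is fine if the per-instance map is merged over the common one, but if it replaces it the README's instruction to adjust both maps would leave this instance without a Panorama server; worth confirming the module's merge semantics and stating them in the README. Collapsing the three trailing `# Modify this value ...` comments into one `# TODO:` line above the values is cleaner.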
Expand Down Expand Up @@ -256,9 +272,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
spoke1_gcp_router_ip = "10.10.12.1"
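Review bot: same remark as for the first instance: after removing `panorama-server = "1.1.1.1"` here, registration of this firewall depends entirely on `vmseries_common.bootstrap_options`, so the two instance blocks and the common block need to be kept in step when a user uncomments a section.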
Expand Up @@ -5,7 +5,13 @@ show_in_hub: false

A Terraform module example for deploying a VM-Series NGFW in GCP using the [metadata](https://docs.paloaltonetworks.com/vm-series/10-2/vm-series-deployment/bootstrap-the-vm-series-firewall/choose-a-bootstrap-method#idf6412176-e973-488e-9d7a-c568fe1e33a9) bootstrap method.

This example can be used to familarize oneself with both the VM-Series NGFW and Terraform - it creates a single instance of virtualized firewall in a Security VPC with a management-only interface and lacks any traffic inspection.
This example can be used to familarize oneself with both the VM-Series NGFW and Terraform - by default the deployment creates a single instance of virtualized firewall in a Security VPC with a management-only interface and lacks any traffic inspection.

## Bootstrap

By default, only basic bootstrap parameters are enabled. The example also provides sample settings that can be used to register the firewall to either Panorama or Strata Cloud Manager (SCM) and complete the configuration. To enable this, uncomment one of the sections in `bootstrap_options` parameter.

> SCM bootstrap is supported on PAN-OS version 11.0 and above.
## Reference
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
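Review bot: the rewritten line still reads `familarize`; while touching it, change it to `familiarize` and `a single instance of a virtualized firewall`. In the new section, `in `bootstrap_options` parameter` wants an article (`in the `bootstrap_options` parameter`), and the `> SCM bootstrap ...` blockquote needs a blank line before `## Reference` so the quote does not butt against the heading.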
Expand Up @@ -45,9 +45,29 @@ vmseries = {
"https://www.googleapis.com/auth/monitoring.write",
]
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
type = "dhcp-client"
dhcp-accept-server-hostname = "yes"
dhcp-accept-server-domain = "yes"
dhcp-send-hostname = "yes"
dhcp-send-client-id = "yes"
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"

# Panorama based bootstrap.
# panorama-server = "1.1.1.1"
# panorama-server-2 = "2.2.2.2"
# tplname = "example-template"
# dgname = "example-device-group"
# vm-auth-key = "example-123456789"

# SCM based bootstrap.
# panorama-server = "cloud"
# dgname = "example-scm-folder"
# vm-series-auto-registration-pin-id = "example-pin-id"
# vm-series-auto-registration-pin-value = "example-pin-value"
# authcode = "D123456"
# plugin-op-commands = "advance-routing:enable"
}
named_ports = [
{
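Review bot: `dhcp-accept-server-hostname = "yes"` and `dhcp-accept-server-domain = "yes"` are now on by default, so the management hostname and domain are taken from whatever the DHCP server offers; that is the usual choice on GCP, but a short comment saying so would stop readers from copying the block unchanged into environments where they expect a fixed hostname. The two points from the `multi_nic_common` tfvars apply here as well: the Panorama and SCM blocks share the `panorama-server` and `dgname` keys, so only one may be uncommented at a time, and `authcode` / `vm-series-auto-registration-pin-value` are credentials that should not land in a committed file.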
12 changes: 10 additions & 2 deletions examples/vmseries_ha/README.md
Expand Up @@ -55,6 +55,14 @@ The following steps should be followed before deploying the Terraform code prese
1. Prepare [VM-Series licenses](https://support.paloaltonetworks.com/)
2. Configure the terraform [google provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication-configuration)

## Bootstrap

With default settings, firewall instances will get the initial configuration from generated `init-cfg.txt` and `bootstrap.xml` files placed in Cloud Storage.

The `example.tfvars` file also contains commented out sample settings that can be used to register the firewalls to either Panorama or Strata Cloud Manager (SCM) and complete the configuration. To enable this, uncomment one of the sections and adjust `vmseries_common.bootstrap_options` and `vmseries.<fw-name>.bootstrap_options` parameters accordingly.

> SCM bootstrap is supported on PAN-OS version 11.0 and above.
## Usage

1. Access Google Cloud Shell or any other environment that has access to your GCP project
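Review bot: as in `multi_nic_common/README.md`, add a blank line between the `> SCM bootstrap ...` blockquote and `## Usage`, and consider one sentence noting that the SCM `authcode` and registration PIN value are credentials once filled in.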
Expand Down Expand Up @@ -85,10 +93,10 @@ terraform apply

4. Check the output plan and confirm the apply.

5. Check the successful application and outputs of the resulting infrastructure:
5. Check the successful application and outputs of the resulting infrastructure (number of resources can vary based on how many instances are defined in tfvars):

```
Apply complete! Resources: 96 added, 0 changed, 0 destroyed. (Number of resources can vary based on how many instances you push through tfvars)
Apply complete! Resources: 96 added, 0 changed, 0 destroyed.
Outputs:
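Review bot: same wording nit as in the other READMEs: `(the number of resources varies with how many instances are defined in tfvars)` reads better than `(number of resources can vary based on ...)`.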
28 changes: 22 additions & 6 deletions examples/vmseries_ha/example.tfvars
Expand Up @@ -239,8 +239,24 @@ vmseries_common = {
min_cpu_platform = "Intel Cascade Lake"
service_account_key = "sa-vmseries-01"
bootstrap_options = {
# TODO: Modify the values below as per deployment requirements
type = "dhcp-client"
mgmt-interface-swap = "enable"

# Panorama based bootstrap.
# panorama-server = "1.1.1.1"
# panorama-server-2 = "2.2.2.2"
# tplname = "example-template"
# dgname = "example-device-group"
# vm-auth-key = "example-123456789"

# SCM based bootstrap.
# panorama-server = "cloud"
# dgname = "example-scm-folder"
# vm-series-auto-registration-pin-id = "example-pin-id"
# vm-series-auto-registration-pin-value = "example-pin-value"
# authcode = "D123456"
# plugin-op-commands = "advance-routing:enable"
}
}

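Review bot: identical to the `multi_nic_common` block: the Panorama and SCM sections both define `panorama-server` and `dgname`, so uncommenting both yields a duplicate object key, and `authcode` / `vm-series-auto-registration-pin-value` are secrets once populated; an `# Uncomment only one of the two sections below.` comment and a note about keeping the filled-in file out of version control would help.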
Expand All @@ -258,9 +274,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
trust_gcp_router_ip = "10.10.12.1"
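Review bot: with `panorama-server = "1.1.1.1"` removed from this instance, registration depends on the commented-out block in `vmseries_common.bootstrap_options`; as with `multi_nic_common`, confirm the per-instance map is merged over the common one rather than replacing it.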
Expand Down Expand Up @@ -321,9 +337,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
trust_gcp_router_ip = "10.10.12.1"
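Review bot: same as for the first HA instance: the Panorama server now comes only from `vmseries_common.bootstrap_options`, so both instance blocks and the common block must be edited together.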
12 changes: 10 additions & 2 deletions examples/vpc_peering_common/README.md
Expand Up @@ -53,6 +53,14 @@ The following steps should be followed before deploying the Terraform code prese
1. Prepare [VM-Series licenses](https://support.paloaltonetworks.com/)
2. Configure the terraform [google provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication-configuration)

## Bootstrap

With default settings, firewall instances will get the initial configuration from generated `init-cfg.txt` and `bootstrap.xml` files placed in Cloud Storage.

The `example.tfvars` file also contains commented out sample settings that can be used to register the firewalls to either Panorama or Strata Cloud Manager (SCM) and complete the configuration. To enable this, uncomment one of the sections and adjust `vmseries_common.bootstrap_options` and `vmseries.<fw-name>.bootstrap_options` parameters accordingly.

> SCM bootstrap is supported on PAN-OS version 11.0 and above.
## Usage

1. Access Google Cloud Shell or any other environment that has access to your GCP project
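Review bot: same as the other READMEs: a blank line is needed between the `> SCM bootstrap ...` blockquote and `## Usage`.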
Expand Down Expand Up @@ -83,10 +91,10 @@ terraform apply

4. Check the output plan and confirm the apply.

5. Check the successful application and outputs of the resulting infrastructure:
5. Check the successful application and outputs of the resulting infrastructure (number of resources can vary based on how many instances are defined in tfvars):

```
Apply complete! Resources: 96 added, 0 changed, 0 destroyed. (Number of resources can vary based on how many instances you push through tfvars)
Apply complete! Resources: 96 added, 0 changed, 0 destroyed.
Outputs:
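Review bot: same wording nit as elsewhere: `(the number of resources varies with how many instances are defined in tfvars)`.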
28 changes: 22 additions & 6 deletions examples/vpc_peering_common/example.tfvars
Expand Up @@ -215,8 +215,24 @@ vmseries_common = {
min_cpu_platform = "Intel Cascade Lake"
service_account_key = "sa-vmseries-01"
bootstrap_options = {
# TODO: Modify the values below as per deployment requirements
type = "dhcp-client"
mgmt-interface-swap = "enable"

# Panorama based bootstrap.
# panorama-server = "1.1.1.1"
# panorama-server-2 = "2.2.2.2"
# tplname = "example-template"
# dgname = "example-device-group"
# vm-auth-key = "example-123456789"

# SCM based bootstrap.
# panorama-server = "cloud"
# dgname = "example-scm-folder"
# vm-series-auto-registration-pin-id = "example-pin-id"
# vm-series-auto-registration-pin-value = "example-pin-value"
# authcode = "D123456"
# plugin-op-commands = "advance-routing:enable"
}
}

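Review bot: as in the other tfvars files, the two sections share `panorama-server` and `dgname` (uncommenting both gives a duplicate object key), and `authcode` / `vm-series-auto-registration-pin-value` are credentials once real values are filled in; the same `# Uncomment only one ...` comment and secrets note apply.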
Expand All @@ -234,9 +250,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
trust_gcp_router_ip = "10.10.12.1"
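Review bot: `panorama-server = "1.1.1.1"` is gone from this instance, so registration relies on the commented-out block in `vmseries_common.bootstrap_options`; confirm the per-instance map merges over the common one.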
Expand Down Expand Up @@ -288,9 +304,9 @@ vmseries = {
]
bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"
bootstrap_options = {
panorama-server = "1.1.1.1" # Modify this value as per deployment requirements
dns-primary = "8.8.8.8" # Modify this value as per deployment requirements
dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements
# TODO: Modify the values below as per deployment requirements
dns-primary = "8.8.8.8"
dns-secondary = "8.8.4.4"
}
bootstrap_template_map = {
trust_gcp_router_ip = "10.10.12.1"
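Review bot: same as the first instance in this file: keep this block, the other instance block and `vmseries_common.bootstrap_options` in step when a section is uncommented.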
8 changes: 8 additions & 0 deletions examples/vpc_peering_common_with_autoscale/README.md
Expand Up @@ -42,6 +42,14 @@ The following steps should be followed before deploying the Terraform code prese
1. Prepare [VM-Series licenses](https://support.paloaltonetworks.com/)
2. Configure the terraform [google provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication-configuration)

## Bootstrap

With default settings, firewall instances will get the initial configuration from generated `init-cfg.txt` and `bootstrap.xml` files placed in Cloud Storage.

The `example.tfvars` file also contains commented out sample settings that can be used to register the firewalls to either Panorama or Strata Cloud Manager (SCM) and complete the configuration. To enable this, uncomment one of the sections and adjust `vmseries_common.bootstrap_options` and `vmseries.<fw-name>.bootstrap_options` parameters accordingly.

> SCM bootstrap is supported on PAN-OS version 11.0 and above.
## Usage

1. Access Google Cloud Shell or any other environment that has access to your GCP project
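Review bot: this paragraph was copied from the non-autoscale examples and does not match this one. It tells the reader to adjust `vmseries_common.bootstrap_options` and `vmseries.<fw-name>.bootstrap_options`, but in this example the bootstrap options live under `autoscale = {` in `example.tfvars`, and the Panorama keys there are uncommented by default, so "commented out sample settings" and "uncomment one of the sections" are both inaccurate here. Please reword for the autoscale layout, and add the blank line before `## Usage` as in the other READMEs.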
17 changes: 16 additions & 1 deletion examples/vpc_peering_common_with_autoscale/example.tfvars
Expand Up @@ -248,14 +248,29 @@ autoscale = {
}
}
bootstrap_options = {
# TODO: Modify the values below as per deployment requirements
type = "dhcp-client"
dhcp-send-hostname = "yes"
dhcp-send-client-id = "yes"
dhcp-accept-server-hostname = "yes"
dhcp-accept-server-domain = "yes"
mgmt-interface-swap = "enable"
panorama-server = "1.1.1.1"
ssh-keys = "admin:<your_ssh_key>" # Replace this value with client data

# Panorama based bootstrap.
panorama-server = "1.1.1.1"
panorama-server-2 = "2.2.2.2"
tplname = "example-template"
dgname = "example-device-group"
vm-auth-key = "example-123456789"

# SCM based bootstrap.
# panorama-server = "cloud"
# dgname = "example-scm-folder"
# vm-series-auto-registration-pin-id = "example-pin-id"
# vm-series-auto-registration-pin-value = "example-pin-value"
# authcode = "D123456"
# plugin-op-commands = "advance-routing:enable"
}
network_interfaces = [
{
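Review bot: unlike the other examples, the Panorama block here is active, so `panorama-server = "1.1.1.1"`, `dgname = "example-device-group"` and `vm-auth-key = "example-123456789"` are live placeholder values; a user who uncomments the SCM block without first commenting these out gets `panorama-server` and `dgname` twice in one object, which Terraform rejects as a duplicate object key. Either comment the Panorama block out to match the other examples or add a comment stating that exactly one of the two blocks may be active. `vm-auth-key` is a Panorama-issued credential and the SCM `authcode` / PIN value are secrets too, so the same "do not commit the populated file" note belongs here, next to the existing `ssh-keys = "admin:<your_ssh_key>"` placeholder.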
12 changes: 10 additions & 2 deletions examples/vpc_peering_common_with_network_tags/README.md
Expand Up @@ -36,6 +36,14 @@ With default variable values the topology consists of :

2. Configure the terraform [google provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication-configuration)

## Bootstrap

With default settings, firewall instances will get the initial configuration from generated `init-cfg.txt` and `bootstrap.xml` files placed in Cloud Storage.

The `example.tfvars` file also contains commented out sample settings that can be used to register the firewalls to either Panorama or Strata Cloud Manager (SCM) and complete the configuration. To enable this, uncomment one of the sections and adjust `vmseries_common.bootstrap_options` and `vmseries.<fw-name>.bootstrap_options` parameters accordingly.

> SCM bootstrap is supported on PAN-OS version 11.0 and above.
## Build

1. Access Google Cloud Shell or any other environment which has access to your GCP project
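Review bot: same as the other READMEs: add a blank line between the `> SCM bootstrap ...` blockquote and `## Build`. Since this example's build step is `terraform apply -var-file=example.tfvars`, the secrets remark applies directly: once the SCM `authcode` or PIN value is filled into `example.tfvars`, that file must not be committed.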
Expand Down Expand Up @@ -65,10 +73,10 @@ terraform apply -var-file=example.tfvars

4. Check the output plan and confirm the apply.

5. Check the successful application and outputs of the resulting infrastructure:
5. Check the successful application and outputs of the resulting infrastructure (number of resources can vary based on how many instances are defined in tfvars):

```
Apply complete! Resources: 115 added, 0 changed, 0 destroyed. (Number of resources can vary based on how many instances you push through tfvars)
Apply complete! Resources: 115 added, 0 changed, 0 destroyed.
Outputs:
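Review bot: same wording nit as elsewhere: `(the number of resources varies with how many instances are defined in tfvars)`.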