Automating Software NGFW Deployments - Learning Happy Hour S1E2

Welcome back for Episode 2 of the new Learning Happy Hour! In this episode, I am joined by Hadi Zadeh, a Melbourne based Global Solutions Architect. Join us as we provision NGFW's for a fictitious organisation "Cafe Coffee Co" utilising terraform scripts and flexible licensing. We walk through the provisioning process of 2 Palo Alto Next Generation Firewalls in an Azure environment, discussing the odds and ends of the process, including bootstrapping with Panorama. If you have a question you would like answered on a future episode, please leave it in the comments below, and as mentioned, if your question is answered, you could receive some sweet Learning Happy Hour SWAG! For more information on the training offered by Palo Alto Networks, please visit: https://www.paloaltonetworks.com/services/education Useful links: Public Cloud Architecture Reference Guides (for deployment guides and architecture): https://www.paloaltonetworks.com/resources/reference-architectures Software NGFW Credit Estimator Tool: https://www.paloaltonetworks.com.au/resources/tools/ngfw-credits-estimator GitHub Resources: https://github.com/Learning-Happy-Hour/cafecoffeeco-vmseries-azure-testing.git Ask a question for a future episode! https://forms.gle/VrWw6gJ1phneJnqM8 Want to learn more? Check out our official Training and Learning options here: https://www.paloaltonetworks.com.au/services/education 00:16 Welcome Message 00:30 Meet Hadi Zadeh 01:20 Intro to Cloud based VM-Series firewalls (AWS + More) 04:22 Overview of what we will be covering and the scenario 06:13 Cafe Coffee Co deployment overview 06:33 Network Diagram and Azure details 13:54 Deployment Guides for Azure/AWS/GCP 15:45 Licensing Details 16:57 Licensing Portal 21:01 Creating the Deployment Profile for Cafe Coffee Co 25:25 Software NGFW Credit Estimator tool 29:35 Licensing and Activating Panorama 32:33 Panorama Licensing Plugin (Activating and Deactivating license for FW's from Panorama) 36:20 Bootstrap Definition in Panorama 39:05 Configuring License Manager 40:30 Bootstrapping Basics 46:45 Terraform Scripts 47:53 Modifying terraform.tfvars file with Activation codes etc... 50:45 Initializing Terraform Build 51:52 Summary of what we are building 52:42 Panorama Template Feature for pushing content 53:52 Four Tenets of a Functioning Firewall 54:47 Network Template Settings (Virtual Routers) 55:29 Security Policy Discussion and IP addresses 57:13 Bouldering Time with Hadi! 58:36 Build completion and Summary of Newly Provisioned IP's 59:30 Summary Diagram and discussion 01:00:08 Azure components created by Terraform Script 01:02:55 Devices now registered with Panorama 01:03:18 Logs for Firewall licensing and activation 01:04:38 Browsing to Cafe Coffee Co Site fails 01:05:46 Updating Objects on firewall to reflect new IP address of Azure LB 01:07:34 Confirming Objects and Policies on Firewalls 01:08:16 Cafe Coffee Co Website works! Deployment complete! 01:09:00 Confirming access via fw logs 01:09:30 Viewer Question - VM-Series on Cloud vs Cloud NGFW 01:12:13 License recovery test when a firewall is destroyed 01:16:00 Where to learn more! Official Training!