This tutorial describes how to configure Palo Alto firewalls to protect an Internet facing web farm in Amazon Web Services (AWS). It includes 3 steps:
- Building the AWS VPC Network
- Building the Palo Alto Network in AWS
- Creating the EC2 Linux Servers
NOTE: Charges may apply when using AWS services. Before proceeding, be sure to read and understand Amazon’s user agreement and the respective charges. Secondly, this tutorial is intended to be a quick reference for setting up the Palo Alto in AWS, and in no way recommends, implies or suggests best practice for securing the environment.
The Network Design
In this tutorial you will create a web server farm behind a Palo Alto firewall in AWS. Web servers will be built in a private DMZ network. An Internet Gateway will be created for Internet access, and Elastic IPs will be used to associate (or NAT) to the public network.