- Le plus récent
- Le plus de votes
- La plupart des commentaires
Palo Alto has a good deployment guide to designing and configuring Palo Alto VM in AWS with the purpose of inspecting traffic passing from VPCs through a Transit Gateway.
Check their centralised design model.
In the centralised design model, you segment application resources across multiple VPCs that connect in a hub-and-spoke topology. The hub of the topology, or transit gateway, is the central point of connectivity between VPCs and Prisma Access or enterprise network resources attached through a VPN or AWS Direct Connect.
The second half of the guide includes step-by-step instructions to configure the AWS infrastructure and Palo Alto itself.
Here is the guide on how to accomplish that https://aws.amazon.com/blogs/networking-and-content-delivery/centralized-inspection-architecture-with-aws-gateway-load-balancer-and-aws-transit-gateway/
If you're planning to deploy a single Palo Alto VM, then you can remove the GWLB.
The idea would be the spoke VPCs (PROD, TEST, DEV) would have a default route to the inspection VPC, and from the inspection VPC to the Palo Alto ENI, and then the NATGW.
Contenus pertinents
- demandé il y a 4 mois
- demandé il y a 2 ans
- demandé il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 5 ans
Thank You Max
Happy to help, Ali. If the response accurately and directly answers your question, please consider marking it as "accepted" to help other community members easily find information they are seeking.