Image Refresh #2

Merged
merged 9 commits into from
Jan 4, 2024
4 changes: 2 additions & 2 deletions examples/centralized_design/README.md
Expand Up @@ -10,7 +10,7 @@ The Terraform code presented here will deploy Palo Alto Networks VM-Series firew

## Reference Architecture Design

![Simplified High Level Topology Diagram](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/1a9f0188-e95c-4738-8863-eec6710097bc)
![Simplified High Level Topology Diagram](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/7cd35aa0-aad6-4657-bc6a-4e1f887eba27)

This code implements:
- a _centralized design_, which secures outbound, inbound, and east-west traffic flows using an AWS transit gateway (dTGW). Application resources are segmented across multiple VPCs that connect in a hub-and-spoke topology, with a dedicated VPC for security services where the VM-Series are deployed
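Review bot: the replacement URL `https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/7cd35aa0-aad6-4657-bc6a-4e1f887eba27` is a GitHub user-upload attachment, not a file tracked in this repository, so its content cannot be reviewed in this diff and the link will break if the attachment is deleted or the uploading account goes away; prefer committing the diagram (for example under an `images/` directory in the repo) and referencing it by relative path so it versions together with the README. While this file is open, the unchanged context line `using an AWS transit gateway (dTGW)` has a typo: the other READMEs write `(TGW)`.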
Expand All @@ -21,7 +21,7 @@ This code implements:
This design supports interconnecting a large number of VPCs, with a scalable solution to secure outbound, inbound, and east-west traffic flows using a transit gateway to connect the VPCs. The centralized design model offers the benefits of a highly scalable design for multiple VPCs connecting to a central hub for inbound, outbound, and VPC-to-VPC traffic control and visibility. In the Centralized design model, you segment application resources across multiple VPCs that connect in a hub-and-spoke topology. The hub of the topology, or transit gateway, is the central point of connectivity between VPCs and Prisma Access or enterprise network resources attached through a VPN or AWS Direct Connect. This model has a dedicated VPC for security services where you deploy VM-Series firewalls for traffic inspection and control. The security VPC does not contain any application resources. The security VPC centralizes resources that multiple workloads can share. The TGW ensures that all spoke-to-spoke and spoke-to-enterprise traffic transits the VM-Series.


![](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/9674179/21d0f29e-d0da-4b50-a33b-e37f260e9c13)
![image](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/8eb3934c-4e18-4e68-8ef1-d5db7a32834d)

## Prerequisites

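Review bot: the new image line `![image](...)` replaces an empty alt text with the placeholder `image`, which is what GitHub inserts on drag-and-drop and conveys nothing to screen readers or search; the first diagram in this README is labelled `Simplified High Level Topology Diagram`, so give this one a matching descriptive label such as `Detailed Topology Diagram`.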
5 changes: 3 additions & 2 deletions examples/centralized_design_autoscale/README.md
Expand Up @@ -10,7 +10,8 @@ The Terraform code presented here will deploy Palo Alto Networks VM-Series firew

## Reference Architecture Design

![Simplified High Level Topology Diagram](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/1a9f0188-e95c-4738-8863-eec6710097bc)
![Simplified High Level Topology Diagram](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/371466fb-43b2-4ca8-99f0-7a03ed19bd80)


This code implements:
- a _centralized design_, which secures outbound, inbound, and east-west traffic flows using an AWS transit gateway (TGW). Application resources are segmented across multiple VPCs that connect in a hub-and-spoke topology, with a dedicated VPC for security services where the VM-Series are deployed
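Review bot: the hunk grows from 7 to 8 lines because a second blank line is inserted between the new diagram and `This code implements:`; Markdown renders it identically, but markdownlint MD012 (no multiple consecutive blank lines) will flag it, so drop one of the two.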
Expand All @@ -20,7 +21,7 @@ This code implements:
### Centralized Design
This design supports interconnecting a large number of VPCs, with a scalable solution to secure outbound, inbound, and east-west traffic flows using a transit gateway to connect the VPCs. The centralized design model offers the benefits of a highly scalable design for multiple VPCs connecting to a central hub for inbound, outbound, and VPC-to-VPC traffic control and visibility. In the Centralized design model, you segment application resources across multiple VPCs that connect in a hub-and-spoke topology. The hub of the topology, or transit gateway, is the central point of connectivity between VPCs and Prisma Access or enterprise network resources attached through a VPN or AWS Direct Connect. This model has a dedicated VPC for security services where you deploy VM-Series firewalls for traffic inspection and control. The security VPC does not contain any application resources. The security VPC centralizes resources that multiple workloads can share. The TGW ensures that all spoke-to-spoke and spoke-to-enterprise traffic transits the VM-Series.

![](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/9674179/47d0ec0b-9080-4af2-b82b-0445e6910975)
![image](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/d48410f4-4974-47d9-8b7d-58f1a59578b3)

### Auto Scaling VM-Series

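Review bot: `![image](...)` drops the descriptive alt-text convention used for the first diagram in this file; name the figure (for example `Detailed Topology Diagram`) rather than keeping the drag-and-drop default `image`.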
5 changes: 3 additions & 2 deletions examples/combined_design/README.md
Expand Up @@ -10,7 +10,8 @@ The Terraform code presented here will deploy Palo Alto Networks VM-Series firew

## Reference Architecture Design

![Simplified High Level Topology Diagram](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/9c08a6e3-bb3e-49c8-87ec-2fccb914899e)
![Simplified High Level Topology Diagram](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/425bb2f3-976f-4262-8595-32f98a9b391a)


This code implements:
- a _centralized design_, which secures outbound, inbound, and east-west traffic flows using an AWS transit gateway (TGW). Application resources are segmented across multiple VPCs that connect in a hub-and-spoke topology, with a dedicated VPC for security services where the VM-Series are deployed
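Review bot: the same 7-to-8 line growth appears here: the blank line added after the diagram yields two consecutive empty lines before `This code implements:`; keep a single blank line to stay consistent with `examples/centralized_design/README.md`, which this hunk otherwise mirrors.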
Expand All @@ -25,7 +26,7 @@ This design supports interconnecting a large number of VPCs, with a scalable sol

Inbound traffic originates outside your VPCs and is destined to applications or services hosted within your VPCs, such as web or application servers. The combined model implements inbound security by using the VM-Series and Gateway Load Balancer (GWLB) in a Security VPC, with distributed GWLB endpoints in the application VPCs. Unlike with outbound traffic, this design option does not use the transit gateway for traffic forwarding between the security VPC and the application VPCs.

![Detailed Topology Diagram](https://github-production-user-asset-6210df.s3.amazonaws.com/9674179/240822321-37a7ffc1-134a-4037-b174-5a2abe44f475.png)
![image](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/730327e8-cb90-4d80-9b1c-e5ee927e0cc7)

## Prerequisites

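Review bot: this swap downgrades the alt text from `Detailed Topology Diagram` to `image`; the old link pointed at a `github-production-user-asset-6210df.s3.amazonaws.com` URL, which is a time-limited signed S3 link and the likely reason the image stopped rendering, so replacing the URL is right, but carry the original alt text over to the new line.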
5 changes: 3 additions & 2 deletions examples/combined_design_autoscale/README.md
Expand Up @@ -10,7 +10,8 @@ The Terraform code presented here will deploy Palo Alto Networks VM-Series firew

## Reference Architecture Design

![Simplified High Level Topology Diagram](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/9c08a6e3-bb3e-49c8-87ec-2fccb914899e)
![Simplified High Level Topology Diagram](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/9179d258-e8a8-4041-84b2-9e70147596ca)


This code implements:
- a _centralized design_, which secures outbound, inbound, and east-west traffic flows using an AWS transit gateway (TGW). Application resources are segmented across multiple VPCs that connect in a hub-and-spoke topology, with a dedicated VPC for security services where the VM-Series are deployed
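Review bot: one blank line too many after the new diagram (the hunk is +8 against -7); collapse to a single blank line before `This code implements:`.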
Expand All @@ -26,7 +27,7 @@ This design supports interconnecting a large number of VPCs, with a scalable sol

Inbound traffic originates outside your VPCs and is destined to applications or services hosted within your VPCs, such as web or application servers. The combined model implements inbound security by using the VM-Series and Gateway Load Balancer (GWLB) in a Security VPC, with distributed GWLB endpoints in the application VPCs. Unlike with outbound traffic, this design option does not use the transit gateway for traffic forwarding between the security VPC and the application VPCs.

![Detailed Topology Diagram](https://user-images.githubusercontent.com/9674179/230622195-dba54106-24be-42aa-bce8-411487d46528.png)
![image](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/a57e31a6-2ade-4dce-8815-cc2bc913606a)

### Auto Scaling VM-Series

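Review bot: alt text regresses from `Detailed Topology Diagram` to `image`; keep the descriptive label on the new line. The old `user-images.githubusercontent.com` link was the legacy attachment host rather than an expiring signed URL, so if it still renders the swap is purely cosmetic here and the PR description should say why it was replaced.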
5 changes: 3 additions & 2 deletions examples/isolated_design/README.md
Expand Up @@ -11,7 +11,8 @@ The Terraform code presented here will deploy Palo Alto Networks VM-Series firew

## Reference Architecture Design

![Simplified High Level Topology Diagram](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/f1dbcd98-43c4-4038-ab47-a9239d4b1e8b)
![Simplified High Level Topology Diagram](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/f85ab263-941f-4a54-8b90-29e3c9201a03)


This code implements:
- an _isolated design_, which secures outbound and inbound traffic flows using AWS Gateway Load Balancer (GWLB). Application resources are segmented across multiple VPCs that distribute traffic to the dedicated VPC for security services where the VM-Series are deployed.
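Review bot: the extra blank line introduced after the diagram (8 lines replacing 7) leaves two empty lines before `This code implements:`; reduce to one, matching the layout of `examples/isolated_design_autoscale/README.md` in this same PR.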
Expand All @@ -26,8 +27,8 @@ The Isolated Design model centralizes the security instances in a dedicated secu
Inbound traffic originates outside the VPC and is destined to applications or services hosted within your VPCs, such as web servers. This design uses the GWLB and VM-Series firewalls in the security VPC, with GWLB endpoints in the application VPCs for the transparent inspection of inbound traffic.


![image](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/e3359141-f6f6-43a9-a308-3c7d03774429)

![](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/9674179/8527796a-9e26-48bd-b903-11e118efc611)

## Prerequisites

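Review bot: the new diagram is inserted above the old one rather than on the old line, so the two blank lines that preceded the old image now precede the new one and the blank that followed it is kept; the net layout is two blank lines both before and after the image. Tidy to one blank line on each side, and replace the placeholder alt `image` with a descriptive label like the `Simplified High Level Topology Diagram` used earlier in this file.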
4 changes: 2 additions & 2 deletions examples/isolated_design_autoscale/README.md
Expand Up @@ -10,7 +10,7 @@ The Terraform code presented here will deploy Palo Alto Networks VM-Series firew

## Reference Architecture Design

![Simplified High Level Topology Diagram](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/f1dbcd98-43c4-4038-ab47-a9239d4b1e8b)
![Simplified High Level Topology Diagram](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/9c85b873-4ecc-4416-abb9-f51da9c37a94)

This code implements:
- an _isolated design_, which secures outbound and inbound traffic flows using AWS Gateway Load Balancer (GWLB). Application resources are segmented across multiple VPCs that distribute traffic to the dedicated VPC for security services where the VM-Series are deployed.
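Review bot: before this change `examples/isolated_design/README.md` and this file pointed at the same attachment (`f1dbcd98-43c4-4038-ab47-a9239d4b1e8b`); after it they point at two different ones, and the same split happens for the centralized and combined pairs. Binary attachments cannot be diffed, so the PR description (or the commit message) should state what differs between the autoscale diagram and the non-autoscale one, otherwise a later reviewer cannot tell whether the divergence is intended.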
Expand All @@ -22,7 +22,7 @@ The Isolated Design model centralizes the security instances in a dedicated secu

Inbound traffic originates outside the VPC and is destined to applications or services hosted within your VPCs, such as web servers. This design uses the GWLB and VM-Series firewalls in the security VPC, with GWLB endpoints in the application VPCs for the transparent inspection of inbound traffic.

![](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/9674179/06c9c5f3-eb4f-4636-bbbc-c45d0e8b0290)
![image](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/8fd4f388-5241-40e1-b3df-3a3632c46e81)

### Auto Scaling VM-Series

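Review bot: placeholder alt text `image` again; use a descriptive label consistent with the `Simplified High Level Topology Diagram` alt in this file.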
2 changes: 1 addition & 1 deletion examples/panorama_standalone/README.md
Expand Up @@ -16,7 +16,7 @@ The topology consists of :
- VPC with 2 subnets in 2 availability zones
- 2 Panorama instances with a public IP addresses and static private IP addresses

![](https://user-images.githubusercontent.com/9674179/235086359-e846b901-e01b-45b2-92d0-81c94b4220e9.png)
![image](https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/e5da6263-16cc-4ac2-a081-40e6ac0d575c)

## PAN-OS software version

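Review bot: the alt text `image` should describe the figure (for example `Panorama topology: one VPC, two subnets, two Panorama instances`) so it matches the bullet list above, which is the only place the topology is stated in words; reviewers also cannot confirm from this diff that the refreshed diagram still shows 2 instances across 2 availability zones, so a note in the PR on what changed in the picture would help.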
2 changes: 1 addition & 1 deletion examples/vmseries_standalone/README.md
Expand Up @@ -21,7 +21,7 @@ The topology consists of :
- VPC with 1 subnet in 1 availability zones
- 1 VM-Series instances with a public IP address and static private IP address

<img src="https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/9674179/9e41457a-0465-4e73-8a4a-8ab20e4cf3ad" width="45%" height="45%" >
<img src="https://github.com/PaloAltoNetworks/terraform-aws-swfw-modules/assets/2110772/602ad0ee-26d0-4b69-9d4c-552031bdc7ca" width="45%" height="45%" >

## PAN-OS software version

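Review bot: the `<img>` tag has `width`/`height` but no `alt` attribute, so unlike the Markdown images in the other READMEs this one has no accessible name; add `alt="Simplified High Level Topology Diagram"` (or similar) while changing the `src`. The unchanged context lines `1 subnet in 1 availability zones` and `1 VM-Series instances` are singular/plural mismatches worth fixing in the same pass.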