Firewall Overview
FireNet supports three firewalls: Check Point CloudGuard, Fortinet FortiGate, and Palo Alto VM-Series. Panorama (firewall manager) is also supported for Palo Alto VM-Series firewalls. After you deploy firewalls you can view them on the Security > FireNet > Firewall tab. You can deploy firewalls from the Firewall tab, or you can import an existing cloud-deployed firewall.
From here you can also:
- Download the pem key if you need to SSH into the firewall (click the button and select Download Access Key).
  When configuring Palo Alto for AWS, you must download the access key to SSH into the firewall and change the password.
- Click the Management UI link to access the firewall UI and configure the firewall to check that FireNet traffic is flowing as expected. See one of the examples below for the suggested configuration.
- Click the name of the firewall to view firewall details.
Palo Alto
You can use these example configuration documents to configure your Palo Alto VM-Series firewall in the following clouds.
The Controller periodically issues Palo Alto API calls to check whether API calls succeed. This check is used for route updates, because firewall route updates require the API to work. If the Palo Alto API call fails twice consecutively, the Controller declares the firewall to be in the Inaccessible state, but the firewall should still be attached and be able to forward traffic as long as its health checks pass.
Fortinet FortiGate
You can use these example configuration documents to configure your Fortinet FortiGate firewall in the following clouds.