AWS only: If you want to launch a firewall, you must first subscribe to a firewall instance in the AWS Marketplace.
| Field | Description |
|---|---|
| Transit FireNet Gateway Instance | Select the Transit FireNet gateway instance to associate with this firewall. |
| Attach Firewall to FireNet after Launching | Yes/No Select Yes to enable the firewall (the firewall instance is inserted into the data path). If you select No, the firewall is not attached at this time. You can attach it later. |
| Availability Domain (OCI only) | Data center within a region |
| Fault Domain (OCI only) | Fault domain is within Availability Domain; fault domains let you distribute your instances so that they are not on the same physical hardware within a single Availability Domain |
| Zone (GCP) | Availability Zone |
| Name | Your name for the firewall instance |
| Firewall Image | The image for your desired firewall: Palo Alto, Check Point, or Fortinet FortiGate. |
| Firewall Image Version | Select a currently supported firewall image version. You can select a Palo Alto firewall version greater than 9.1.3 for a GCP Transit FireNet if you select one of the available Flex Next-Generation firewall options. |
| Firewall Instance Size | Select an instance size for the firewall. The available sizes vary based on the selected FireNet instance and type of firewall. |
| Egress Interface Subnet | Select the subnet to use for egress. |
| Key Pair Name (Check Point CloudGuard, Fortinet FortiGate) (optional) | Only displays if you enable Bootstrap Configuration. Add a Key-Value pair for firewall authentication. |
| Management Interface Subnet (Palo Alto/AWS only) | Subnet of the Palo Alto firewall management interface. |
| Authentication (Azure) | Password or SSH Public Key. If you select Password, enter a password of your choice. If you select SSH Public Key, enter the SSH Public Key of the firewall. |
| Username (Azure) | Username of your choice (‘admin’ is not allowed). |
| Bootstrap Configuration (optional) | Enable/Disable. If you have enabled the Bootstrap Configuration to deploy your firewall, configure those fields before clicking Save. |
Firewall Bootstrap Configuration
On the Deploy Firewall dialog, the Bootstrap Configuration option simplifies the initial configuration setup of a firewall within the selected cloud. The Bootstrap Configuration toggle is disabled by default if you have not selected both a firewall instance and a firewall image. After the Bootstrap Configuration toggle is enabled, you can configure your bootstrap options. The fields to complete for bootstrap configuration depend on the selected cloud for the Transit FireNet gateway instance, and the selected firewall. Use the links in the below table to complete the bootstrap configuration. See the firewall example configuration topics for specific firewall image versions, instance size, and more.| Firewall | AWS | Azure | GCP |
|---|---|---|---|
| Check Point | AWS S3 Bucket: IAM Role, S3 Bucket or User Data. Bootstrap Configuration Example for Check Point Security Gateway in AWS/Azure | Azure Storage or User Data. Bootstrap Configuration Example for Check Point Security Gateway in AWS/Azure | Key-Value Pair |
| Fortinet FortiGate | AWS S3 Bucket: IAM Role, S3 Bucket or User Data. Bootstrap Configuration Example for FortiGate Firewall in AWS | Azure Storage: Storage, Container, SAS URL Config, SAS URL License or User Data. Bootstrap Configuration Example for FortiGate Firewall in Azure | Key-Value Pair |
| Palo Alto | AWS S3 Bucket: IAM Role, S3 Bucket or User Data. Bootstrap Configuration Example for VM-Series in AWS | Azure Storage: Storage, Storage Access Key, File-Share Folder, Share-Directory or User Data. Bootstrap Configuration Example for VM-Series in Azure | Bootstrap Bucket Name, Key-Value Pair |