Deploying a Firewall

Supported firewalls are Check Point CloudGuard, Fortinet FortiGate, and Palo Alto VM-Series.

The supported firewall manager is Panorama (for Palo Alto VM-Series).

After firewalls are launched, you can configure them to check traffic flow.

AWS only: If you want to launch a firewall, you must first subscribe to a firewall instance in the AWS Marketplace.

See here for Bootstrap Configuration information.

You can have more than one firewall in a FireNet Transit gateway.

  1. On the Security > FireNet > Firewall tab, click +Firewall to open the Deploy Firewall dialog and add a new firewall instance.

    From here you can also import a firewall you previously created in your cloud portal.

  2. If deploying a new firewall, fill out the following fields:

    | Field | Description |
    | --- | --- |
    | Transit FireNet Gateway Instance | Select the Transit FireNet gateway instance to associate with this firewall. |
    | Attach Firewall to FireNet after Launching | Yes/No. Select Yes to enable the firewall (the firewall instance is inserted into the data path). If you select No, the firewall is not attached at this time. You can attach it later. |
    | Availability Domain (OCI only) | Data center within a region. |
    | Fault Domain (OCI only) | A fault domain is within an Availability Domain; fault domains let you distribute your instances so that they are not on the same physical hardware within a single Availability Domain. |
    | Zone (GCP) | Availability Zone. |
    | Name | Your name for the firewall instance. |
    | Firewall Image | The image for your desired firewall: Palo Alto, Check Point, or Fortinet FortiGate. |
    | Firewall Image Version | Select a currently supported firewall image version. |
    | Firewall Instance Size | Select an instance size for the firewall. The available sizes vary based on the selected FireNet instance and type of firewall. |
    | Egress Interface Subnet | Select the subnet to use for egress. |
    | Key Pair Name (Check Point CloudGuard, Fortinet FortiGate) (optional) | Only displays if you enable Bootstrap Configuration. Add a Key-Value pair for firewall authentication. |
    | Management Interface Subnet (Palo Alto/AWS only) | Subnet of the Palo Alto firewall management interface. |
    | Authentication (Azure) | Password or SSH Public Key. If you select Password, enter a password of your choice. If you select SSH Public Key, enter the SSH Public Key of the firewall. |
    | Username (Azure) | Username of your choice ('admin' is not allowed). |
    | Bootstrap Configuration (optional) | Enable/Disable. |

If you have enabled the Bootstrap Configuration to deploy your firewall, configure those fields before clicking Save.