Tech Docs: The VM-Series Firewall is the Next Link in Your OpenStack Service Chain

The new service chaining Heat orchestration templates for the VM-Series firewall for OpenStack strengthen the bonds between the virtual machines in your datacenter. And with service scaling, you can rapidly deploy additional firewall service instances to adapt to changing network loads.

When you use a service chain to insert a service instance, such as the VM-Series firewall, the Contrail software redirects traffic between two networks through an underlay network to the firewall. If you had additional services, like a load balancer, Contrail would direct traffic through all services in the service chain.

Service scaling adds another layer of flexibility to your service chain by taking advantage of service telemetry data gathered by Ceilometer.  You can customize thresholds for CPU utilization or network load.  When your configured threshold is reached, Contrail deploys or shuts down a firewall service instance.

Add links to your chain using these five easy steps:

1. Download the zip file that includes heat templates and VM-Series bootstrapping files from GitHub.
2. Customize the heat templates for your network topology.
3. (Optional) Define your CPU utilization or network load thresholds for service scaling.
4. Deploy the heat templates from your OpenStack controller.
5. Lock down the security policy to inspect traffic on your network.

The 7.1 and 8.0 VM-Series Deployment Guides have the information you need to start protecting your OpenStack environment.

As always, you can find our content on our Technical Documentation site.

Happy reading!

Your friendly Technical Documentation team

Have questions? Contact us at documentation@paloaltonetworks.com.