Terraform module for quick deployment of Palo Alto Networks VM series firewall device

equinix/terraform-equinix-pa-vm

Equinix Network Edge: Palo Alto Networks VM series firewall

A Terraform module to create a Palo Alto Networks VM series firewall device on the Equinix platform.

Supported device modes:

| Management mode | License mode | Notes |
|---|---|---|
| Equinix managed | Subscription | - |
| Equinix managed | Bring your own license | license_token required |
| Self managed | Bring your own license | - |

Requirements

| Name | Version |
|---|---|
| terraform | >= 0.13.0 |
| equinix/equinix | ~> 1.14 |

Providers

| Name | Version |
|---|---|
| equinix/equinix | ~> 1.14 |

Assumptions

  • if account_number is not provided, the active account within the given metro will be used
  • the most recent stable version of the device software for a given software_package will be used
  • the secondary device name will be the same as the primary, with a -secondary suffix added
  • the secondary device notification list will be the same as for the primary
  • the secondary device ssh-key will be the same as for the primary (if provided)

Example usage

provider "equinix" {
  client_id     = var.equinix_client_id
  client_secret = var.equinix_client_secret
}

module "pa-vm" {
  source           = "equinix/pa-vm/equinix"
  metro_code       = "SV"
  platform         = "medium"
  software_package = "VM300"
  software_version = "9.0.4"
  name             = "tf-tst-pavm"
  hostname         = "pri"
  term_length      = 1
  notifications    = ["user@example.com"] # placeholder address
  secondary = {
    enabled    = true
    metro_code = "DC"
    hostname   = "sec"
  }
}

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| metro_code | Two-letter device location's metro code | string | "" | yes |
| account_number | Billing account number for a device. If not provided, active account for a device metro code will be used | string | 0 | no |
| platform | Device hardware platform flavor: small, medium, large | string | "" | yes |
| software_package | Device software package: VM100, VM300, VM500 | string | "" | yes |
| software_version | Device software Version: 9.0.0, 9.0.1, 9.0.4 | string | "" | yes |
| self_managed | Determines device management mode: self-managed or Equinix managed | bool | false | no |
| byol | Determines device licensing mode: bring your own license or subscription | bool | false | no |
| license_token | License token applicable for Equinix managed device in BYOL licensing mode | string | "" | no |
| name | Device name | string | "" | yes |
| hostname | Device hostname prefix | string | "" | yes |
| term_length | Term length in months: 1, 12, 24, 36 | number | 0 | yes |
| notifications | List of email addresses that will receive notifications about device | list(string) | n/a | yes |
| acl_template_id | Identifier of a network ACL template that will be applied on a device | string | "" | no |
| additional_bandwidth | Amount of additional internet bandwidth for a device, in Mbps | number | 0 | no |
| interface_count | Device interface count: either 10 or 19 | number | 10 | no |
| ssh_key | Map of SSH public key attributes | map | N/A | no |
| secondary | Map of secondary device attributes in redundant setup | map | N/A | no |

SSH key map attributes:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| username | Username associated with a given public key | string | "" | yes |
| key_name | The name of the SSH public key | string | "" | yes |

Secondary device map attributes:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| enabled | Value that determines if secondary device shall be created | bool | false | no |
| license_token | License token applicable in BYOL licensing mode | string | "" | no |
| metro_code | Two-letter secondary device location's metro code | string | "" | yes |
| account_number | Billing account number for a device. If not provided, active account for a device metro code will be used | string | 0 | no |
| hostname | Device hostname prefix | string | "" | yes |
| acl_template_id | Identifier of a network ACL template that will be applied on a secondary device | string | "" | no |
| additional_bandwidth | Amount of additional internet bandwidth for a secondary device, in Mbps | number | 0 | no |
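
The usage example leaves the access-control inputs at their defaults: acl_template_id defaults to an empty string on both devices and ssh_key is optional. The configuration below is an added example, not part of the module's own documentation, that deploys a self-managed BYOL pair with both inputs set and rejects an empty ACL template ID at plan time. The variable names, user name, key name and e-mail address are constructed for illustration.

```hcl
# Added example: variable names and sample values are assumptions.
variable "equinix_client_id" {
  type = string
}

variable "equinix_client_secret" {
  type      = string
  sensitive = true # needs Terraform >= 0.14; omit on 0.13
}

variable "acl_template_id" {
  type = string

  validation {
    # Fail the plan instead of falling back to the module default of "".
    condition     = length(var.acl_template_id) > 0
    error_message = "Set acl_template_id to the ID of a network ACL template."
  }
}

provider "equinix" {
  client_id     = var.equinix_client_id
  client_secret = var.equinix_client_secret
}

module "pa-vm" {
  source           = "equinix/pa-vm/equinix"
  metro_code       = "SV"
  platform         = "medium"
  software_package = "VM300"
  software_version = "9.0.4"
  name             = "tf-tst-pavm"
  hostname         = "pri"
  term_length      = 1
  notifications    = ["secops@example.com"] # constructed address
  self_managed     = true                   # self managed + BYOL mode
  byol             = true
  acl_template_id  = var.acl_template_id
  ssh_key = {
    username = "fwadmin"     # constructed user name
    key_name = "fwadmin-key" # constructed SSH public key name
  }
  secondary = {
    enabled         = true
    metro_code      = "DC"
    hostname        = "sec"
    acl_template_id = var.acl_template_id # set separately for the secondary
  }
}
```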

Outputs

| Name | Description |
|---|---|
| id | Device identifier |
| status | Device provisioning status |
| license_status | Device license status |
| account_number | Device billing account number |
| cpu_count | Number of device CPU cores |
| memory | Amount of device memory |
| software_version | Device software version |
| region | Device region |
| ibx | Device IBX center code |
| ssh_ip_address | Device SSH interface IP address |
| ssh_ip_fqdn | Device SSH interface FQDN |
| interfaces | List of network interfaces present on a device |
| secondary | Secondary device outputs (same as for primary). Present when secondary device was enabled |