Configure NGFW provisioning and finish deploying Cloud Auto-Scaled Firewalls

The NGFW provisioning settings enable the connection between the Cloud Auto-Scaled Firewall instances and the SMC API, and define settings that are applied after each instance starts.

Steps

  1. In the SMC Contact address (FQDN or IP address) field, enter the fully qualified domain name (FQDN) or the public IP address of the SMC API.
    Make sure that the information that you enter here matches the common name or subject alternative name in the certificate for the SMC API.
    Tip: You can find the FQDN or IP address of the SMC API in the Host Name field on the SMC API tab of the Management Server Properties dialog box in the Management Client.
  2. (Optional) If the SMC API uses a port other than the default port, enter the SMC API port number in the SMC rest API port field.
    The default port number is 8082.
  3. In the SMC rest API key field, enter the authentication key of the SMC API Client.
  4. Make sure that Yes is for Check REST API TLS certificate options.
    When Yes is selected, the TLS certificate of the SMC API is validated when NGFW Engine elements are automatically created.
    Note: The No option is intended only for testing purposes. We do not recommend selecting No in a production environment.
  5. Next to the Upload SMC rest API certificate field, click the file browser icon, then select the certificate file.
    Tip: To find the certificate in the Management Client, select Configuration, then browse to Administration > Certificates > TLS Credentials.
  6. (NGFW 6.5 and higher) In the Engine Location field, enter the name of the Location element that is selected for the NGFW Engine when the NGFW Engine element is created.
    The Location element must already exist before you deploy the NGFW Engine. The name must match the name of the Location element in the SMC.
    Note: Make sure that you have defined contact address exceptions for this location in the properties of the Management Server and the Log Server.
  7. (Recommended) In the Engine policy name field, enter the name of the Firewall Policy that is uploaded to the NGFW Engine after the NGFW Engine element is created.
    The Firewall Policy must already exist before you deploy the NGFW Engine. The name must match the name of the Firewall Policy element in the SMC.
    Note: If you do not specify a Firewall Policy, you must manually install a policy using the Management Client after deploying the NGFW Engine.
  8. (Optional) From the Engine Auto delete when shutting off options, select No if you want the NGFW Engine elements to stay in the SMC when the NGFW Engine instances shut down or are restarted in Azure.

    When Yes is selected, the NGFW Engine elements are automatically deleted when the NGFW Engine instances shut down or are restarted in Azure.

    If you select No, you must manually remove unused Cloud Auto-Scaled Firewalls in the Management Client.

  9. (Optional) If the default value of the NGFW VM Size option does not meet your needs, select a different value.
    We recommend selecting a general purpose VM size that has a SKU that starts with the letter D and at least 4 GB of RAM.
  10. Click OK.
    The deployment continues to a summary and the configuration is validated.
  11. When the validation is finished, click OK.
  12. Review the terms of use, then click Create.
  13. Add one or more load balancing rules and configure scaling for the Cloud Auto-Scaled Firewalls.
    For instructions, see the Microsoft Azure documentation at https://docs.microsoft.com/en-us/azure/.

Result

The NGFW Engine deployment starts and NGFW Engine elements are automatically created in the SMC. When deployment is finished, you can check the status using the Management Client. You can preview the NGFW Engine properties in the Engine Editor, but you cannot make changes to the configuration.