Creating MVE Connections to AWS Direct Connect with Palo Alto VM-Series
You can create a network connection from a Palo Alto MVE to AWS with Virtual Cross Connections (VXCs) and AWS Direct Connect. You can create either a Hosted Connection or a Hosted VIF.
You initiate the AWS connection through the Megaport ONE Portal, accept the connection in AWS, and create an interface for the Edge in VM-Series.
Palo Alto Networks provides documentation for VM-Series at VM-Series Tech Docs.
Before you begin
Before you can create a connection to AWS, you need to satisfy these requirements:
Create an MVE (VM-Series firewall). For details, see Creating a VM-Series MVE.
In AWS, ensure that you have configured the Direct Connect gateway, AWS gateway, VPCs, and related attachments and associations.
Creating a connection to AWS from the MVE
With an MVE already created, you can create a connection to AWS. The VXC connection can be one of two AWS models:
Hosted Connections – A Hosted Connection can support one private, public, or transit virtual interface. Hosted Connections are dedicated connections and are recommended for production environments.
Hosted Virtual Interfaces (Hosted VIFs) – Hosted VIFs can connect to public or private AWS cloud services: a Hosted VIF cannot connect to a transit virtual interface. Hosted VIF connections share bandwidth.
Click the link for your preferred connection type for detailed configuration steps.
Creating a connection from the MVE instance to AWS is very similar to creating a connection from a Port or an MCR. The primary difference is the process with Palo Alto Networks VM-Series does not include automatically configuring the MVE in Palo Alto. You need to manually create a subinterface and define VLANs, IP addresses, MD5 values, and BGP peers in the VM-Series console.