Multi-Cloud Security Automation Lab Guide



Welcome to the Multi-Cloud Security Automation Lab!

In this lab we will be learning how to automate the deployment and configuration of infrastructure supporting a web application within a public cloud provider. A key element of this infrastructure is the Palo Alto Networks NGFW.

Following the deployment, we will automate the configuration of the firewall to support and protect protect the web application.

Lastly, we will ensure that the firewall is able to respond effectively to changes made to the application infrastructure. You will have your choice of deploying your application in Google Cloud Platform (GCP), Amazon Web Services (AWS) or both if time permits.


The objective of this workshop is to deploy and secure a WordPress content management system in GCP and AWS. This web application will be supported by an Apache web server and a MariaDB database server residing in two separate subnets.

As part of our infrastructure deployment, a VM-Series NGFW will be inserted between the untrusted public subnet, the web subnet, and the database subnet. However, we will need to configure this virtual firewall to support its network environment and the applications it will be protecting.

Learning Outcomes

  • Understand the various methods for automating the deployment of Palo Alto Networks NGFW instances in cloud environments
  • Learn to use industry-leading configuration management automation tools to implement changes to PAN-OS devices
  • Learn how the Palo Alto Networks NGFW can automatically respond to changes in the network environment