Creating the SNS PAYG virtual firewall template

Once the SNS PAYG firewall is initialized, you must create a template that you can duplicate later to create all your SNS PAYG virtual firewalls.

Configuring the firewall template

Edit the firewall’s configuration in order to create a template with the base configuration. For example:

  • Edit the default filter policy to adapt it to your needs,
  • Enable the NTP service to synchronize the time on the firewall,
  • Enable the SSHD service if you wish to manage the firewall via SSH.

This list is not exhaustive. Enable all the services that your clients will need.

Deleting OVF env parameters (VMware only)

If you are using OVF env (vApp) properties, you are advised to reset their values so that firewalls created from the template will not inherit these values.

  1. Open vSphere Client from your administration workstation.
  2. Select your PAYG virtual machine and click on the Configuration tab in the panel on the right.
  3. Select Settings > vApp Options. The OVF env parameters appear.
  4. Click on Edit and clear all the values in the Global configuration and Network interface parameters.

Creating a backup of the virtual machine

We recommend that you create a backup of the virtual machine to anticipate changes that may be made to the template, e.g., version updates or changes to its base configuration.

Converting the virtual machine to a PAYG template

Once you have finished configuring the virtual machine, you must convert it to a PAYG template

  1. Access the firewall's console via the hypervisor or via an SSH client.
  2. Run the command paygprep.
    You will be informed that the virtual machine will shut down at the end of the process.
  3. When you see the question Do you want to continue?, answer y (Yes).
  4. When you see the question Do you want to reset the configuration?, answer n (No), unless you wish to use a default configuration.
  5. When you see the question Do you want to configure the VM with wizardinit or OVF environment at next boot?, answer y (Yes) if you wish to configure the network settings, host name, admin password and client ID of the new deployed machine when it boots.
    The summary of the settings that you have just defined will appear.
  6. When you see the question Do you want to proceed?, answer y (Yes) if the information is correct.
    The virtual machine will start shutting down.
  7. In your hypervisor, right-click on your PAYG virtual machine, and select the Template menu > Convert to template in vSphere or Convert to template in XenCenter and KVM. In Hyper-V, clone the virtual machine to create the template.

The virtual machine will be converted to the PAYG template. You can duplicate it whenever necessary.

Summary of the paygprep command