Creating the Pay As You Go template

Once you have initialized Stormshield Network Security, you need to create a template that you will be able to duplicate later in order to create all your virtual firewalls.

Edit the firewall’s configuration in order to create a template with the base configuration. For example:

  • Edit the default filter policy to adapt it to your needs,
  • Enable the NTP service to synchronize the time on the firewall,
  • Enable the SSHD service if you wish to manage the firewall via SSH,
  • etc.

This list is not exhaustive – enable all the services that your clients will need.

If you are using OVF env (vApp) properties, you are advised to reset their values before creating the template, so that virtual firewalls created from the template will not inherit these values.

  1. Open the vSphere client from your administration workstation.
  2. Select your Pay As You Go virtual machine and click on the Configuration tab in the panel on the right.
  3. Select Settings > vApp Options. The OVF env parameters appear.
  4. Click on Edit and delete all the values of Global configuration and Network interface parameters.

After you have completed the configuration, use the paygprep executable file to convert the virtual machine into a Pay As You Go template.

  1. Access the firewall's console via the hypervisor or via an SSH client.
  2. Run the command paygprep.
    You will be informed that the virtual machine will shut down at the end of the process.
  3. When you see the question Do you want to continue?, answer y (Yes).
  4. When you see the question Do you want to reset the configuration?, answer n (No), unless you wish to use a default configuration.
  5. When you see the question Do you want to configure the VM with wizardinit or OVF environment at next boot?, answer y (Yes) if you wish to edit the network settings, the host name, the admin password, and the client ID of the deployed machine at boot time.
    The summary of the settings that you have just defined will appear.Summary of the paygprep command
  6. When you see the question Do you want to continue?, answer y (Yes) if the information is correct.
    The virtual machine will start shutting down.
  7. In your hypervisor, right-click on your Pay As You Go virtual machine, and select the Template > Convert to template in vSphere, or Convert to template in XenCenter and KVM. On Hyper-V, clone the virtual machine to create the template.

The virtual machine becomes a Pay As You Go template, which you can then duplicate whenever you need it.