Define a network ACL and a security group for the example deployment

A network access control list (ACL) filters incoming and outgoing traffic for one or more subnets. A security group filters incoming and outgoing traffic for one or more instances.

Before you begin

Attach an Internet gateway to your VPC.

When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from the instance. In the example configuration, the NGFW Engine provides access control, and the ACL for the AWS network allows all traffic.

Note: Network ACLs are stateless. They do not provide stateful connection tracking, so return traffic is only passed if a rule explicitly allows it in that direction.

Steps

  1. Create an ACL that allows all inbound and outbound traffic.
    In this example, Test-ACL (acl-3a514053) has an 'any-any-any-allow' rule for both inbound and outbound traffic.
  2. Associate the ACL with internal and external networks.
  3. Create a security group that allows all inbound and outbound traffic.
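
The three steps above expressed as Terraform HCL, as an added example that is not part of the original page. It assumes the VPC ID and the internal and external subnet IDs are supplied as input variables, reuses the Test-ACL name from the page (not its ACL ID), and uses an assumed security group name.

```hcl
variable "vpc_id"             { type = string }
variable "internal_subnet_id" { type = string }
variable "external_subnet_id" { type = string }

# Steps 1 and 2: allow-all network ACL associated with both subnets.
# Network ACLs are stateless, so both directions need an explicit rule.
resource "aws_network_acl" "test_acl" {
  vpc_id     = var.vpc_id
  subnet_ids = [var.internal_subnet_id, var.external_subnet_id]
  tags       = { Name = "Test-ACL" }

  ingress {
    rule_no    = 100
    protocol   = "-1"        # all protocols
    action     = "allow"
    cidr_block = "0.0.0.0/0" # any source
    from_port  = 0
    to_port    = 0
  }

  egress {
    rule_no    = 100
    protocol   = "-1"
    action     = "allow"
    cidr_block = "0.0.0.0/0" # any destination
    from_port  = 0
    to_port    = 0
  }
}

# Step 3: allow-all security group; the NGFW Engine, not the security
# group, enforces access control in this deployment.
resource "aws_security_group" "ngfw_allow_all" {
  name   = "ngfw-allow-all" # assumed name
  vpc_id = var.vpc_id

  ingress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Because these rules admit all traffic, the instances in these subnets are protected only by the NGFW Engine policy, so the Engine must be in place before workloads are launched behind it.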

Example
Next steps

Configure the SMC.