Prepare the AWS environment for the NGFW deployment.
These instructions use the AWS web management console. For automated and large-scale deployment, we recommend using the AWS command line interface (CLI) tools or lower-level programming libraries to communicate with the AWS REST API directly.
These steps provide an overview of the configuration process. For detailed instructions, see the Amazon Elastic Compute Cloud Documentation and the Amazon Virtual Private Cloud Documentation.
Steps
- Create the virtual private clouds (VPCs) and the subnet that the NGFW Engine will be deployed in.
  You must deploy the NGFW Engine in a dedicated subnet.
- In the subnet that the NGFW Engine will be deployed in, create one or more elastic network interfaces (ENIs).
  Only one ENI is required. You can optionally create more ENIs depending on your environment. Create one ENI for each physical interface that you added to the Single Firewall element.
- Disable the Source/Dest. check option for each engine interface.
  The Source/Dest. check option prevents packet forwarding to destinations on other interfaces. When the option is enabled, the firewall cannot act as a router.
  - Right-click the ENI interface, then select Change Source/Dest. Check.
  - From the Source/Dest. check options, select Disabled.
  - Click Save.
- Create the required gateways and routing tables and assign them to subnets.
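For automated deployment, the Source/Dest. check step can be audited and applied with the AWS CLI. The script below is an added example, not part of the original instructions; it assumes that every ENI in the dedicated subnet belongs to the NGFW Engine, that the subnet ID is passed as the first argument, and the ENI IDs in the sample listing are constructed.

```shell
#!/bin/sh
# Added example: audit and disable Source/Dest. check on the NGFW Engine ENIs.
# Assumption: the subnet is dedicated to the engine, so every ENI in it
# is an engine interface. Usage: sh fix-srcdst.sh <subnet-id>

# Print "<eni-id> <SourceDestCheck>" for every ENI in subnet $1.
list_enis() {
    aws ec2 describe-network-interfaces \
        --filters "Name=subnet-id,Values=$1" \
        --query 'NetworkInterfaces[].[NetworkInterfaceId,SourceDestCheck]' \
        --output text
}

# Read that listing on stdin; print the IDs whose check is still enabled.
enis_with_check_enabled() {
    awk 'tolower($2) == "true" { print $1 }'
}

# Disable the check on ENI $1 (CLI equivalent of selecting Disabled).
disable_check() {
    aws ec2 modify-network-interface-attribute \
        --network-interface-id "$1" --no-source-dest-check
}

# Disable the check where needed, then re-read the state to confirm it.
fix_subnet() {
    list_enis "$1" | enis_with_check_enabled | while read -r eni; do
        echo "disabling Source/Dest. check on $eni"
        disable_check "$eni"
    done
    remaining=$(list_enis "$1" | enis_with_check_enabled)
    [ -z "$remaining" ] || { echo "still enabled: $remaining" >&2; return 1; }
}

# Constructed sample of the listing format, for trying the filter offline:
#   printf '%s\n' "$SAMPLE_LISTING" | enis_with_check_enabled
SAMPLE_LISTING=$(printf 'eni-0example1\tTrue\neni-0example2\tFalse\neni-0example3\tTrue')

# Touch AWS only when a subnet ID is given on the command line.
[ $# -eq 0 ] || fix_subnet "$1"
```

The final re-read in `fix_subnet` fails the run if any interface still has the check enabled, so a partial change does not pass unnoticed.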