
Secure the EC2 Instances in the AWS Cloud with Palo Alto VM-Series Firewalls

03:12

In this example, the VPC is deployed in the 10.0.0.0/16 network with two /24 subnets: 10.0.0.0/24 and 10.0.1.0/24. The VM-Series firewall is launched in the 10.0.0.0/24 subnet, to which the Internet gateway is attached. The 10.0.1.0/24 subnet is a private subnet that hosts the EC2 instances to be secured by the VM-Series firewall; any server on this private subnet reaches the Internet through NAT to a routable IP address (an Elastic IP address). Use the Planning Worksheet for the VM-Series in the AWS VPC to plan the design within your VPC. Recording the subnet ranges, the network interfaces and associated IP addresses for the EC2 instances, and the security groups makes the setup process easier and more efficient.

Secure the EC2 Instances in the AWS Cloud


The following image depicts the logical flow of traffic between the web server and the Internet. Traffic to and from the web server is sent to the data interface of the VM-Series firewall that is attached to the private subnet. The firewall applies policy and processes the traffic arriving from and leaving toward the Internet gateway of the VPC. The image also shows the security groups to which the data interfaces are attached.

Deploy the VM-Series Firewall as a Cloud Gateway


24.11.2017