Create an NGFW Resource on AWS
Table of Contents
Create an NGFW Resource on AWS
Now that you have created rulestacks and rules,
you can create an NGFW resource and associate a local rulestack
with that NGFW. During the configuration of your NGFW, you must
choose how NGFW endpoints are created—automatically or manually.
If you chose to manually create NGFW endpoints, you must create NGFW enpoints in
the availability zones you specify.
Complete the following
steps to create an NGFW.
- SelectNGFWs.
- ClickAdd Firewall.
- Enter a descriptiveName.
- (Optional) Enter aDescription.
- Select anAWS Accountfrom the drop-down to associate with this NGFW.
- Select aVPCfrom the drop-down.
- In thePolicy Managementsection, select aLocal Rulestackfrom the drop-down.
- Specify AWS availability zones or subnets. You must specify whether or not the Cloud NGFW tenant will (service-managed mode) or will not (customer-managed mode) deploy NGFW endpoints.
- Yes(service-managed)—in service-managed mode, the Cloud NGFW tenant automatically creates NGFW endpoints in the VPC subnets you specify. Perform the endpoint management for service-managed mode through Cloud NGFW console only. The endpoint management for service-managed mode can only be done by associating or disassociating a subnet. Associating a subnet creates the endpoint and disassociating a subnet removes the endpoint.
- No(customer-managed)—in customer-managed mode, you must manually create NGFW endpoints in each availability zone you specify.
In theEndpoint Managementsection, you can enable your Cloud NGFW for securing traffic in multiple AWS availability zones. You pay for each AWS availability zone that your NGFW is provisioned to secure traffic. You can manage how the endpoints are created for your NGFW in these availability zones. You pay AWS for each VPC (gateway load balancer) endpoint that you create for your NGFW.
- ClickCreate.