This task helps you set up the VM-Series firewall that secures the database service on AWS. For the topology and solution details, see Use Case: Deploy the VM-Series Firewalls to Secure Highly Available Internet-Facing Applications in AWS and Solution Overview—Secure Highly Available Internet-Facing Applications.
Configure the VM-Series Firewall that Secures the RDS
Launch the firewalls and perform initial configuration.
Allocate and assign Elastic IP Addresses for the management interface of the VM-Series firewall. See Step 3.
Log in to the web interface of the VM-Series firewall using the Elastic IP Address assigned to the management interface.
Configure the network interfaces. Select Network > Interfaces > Ethernet and click the links to configure ethernet1/1 and ethernet1/2. Configure a DHCP client on each interface and create and attach security zones to each interface. Clear the check box to Automatically create default route to default gateway provided by server to ensure that the RDS does not use the default route provided by the firewall to directly access the internet.
Create the security policy rule that allows traffic to pass from the web servers to the database server.
Create a Source NAT policy that allows outbound traffic initiated by the database server to be routed through ethernet1/2 interface (192.168.3.13) on the firewall to the web servers.
You cannot configure routing on the Amazon RDS. Source NAT policy on the firewall is required to ensure that the traffic is routed properly.

Related Documentation