End-of-Life (EoL)

Configure the Firewall that Secures the RDS

This task helps you set up the VM-Series firewall that secures the database service on AWS. For the topology and solution details, see Use Case: Deploy the VM-Series Firewalls to Secure Highly Available Internet-Facing Applications on AWS and Solution Overview—Secure Highly Available Internet-Facing Applications.
  1. Allocate and assign Elastic IP Addresses for the management interface of the VM-Series firewall. See step 3.
  2. Log in to the web interface of the VM-Series firewall using the Elastic IP Address assigned to the management interface.
  3. Configure the network interfaces. Select Network > Interfaces > Ethernet and click the links to configure ethernet1/1 and ethernet1/2.
    1. Configure a DHCP client on each interface and create and attach security zones to each interface.
    2. Clear the Automatically create default route to default gateway provided by server check box to ensure that the RDS does not use the default route provided by the firewall to directly access the internet.
  4. Create the security policy rule that allows traffic to pass from the web servers to the database server.
  5. Create a Source NAT policy that allows outbound traffic initiated by the database server to be routed through the ethernet1/2 interface (192.168.3.13) on the firewall to the web servers.
    You cannot configure routing on the Amazon RDS. A Source NAT policy on the firewall is required to ensure that the traffic is routed properly.
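
One way to verify steps 3 and 5 after the fact is to audit an exported firewall configuration. The Python check below is an added example, not part of the original documentation. The XML element layout, the rule name `db-to-web-snat`, and the function name `audit_db_firewall` are assumptions, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed configuration export, not taken from the page.
# The element layout is an assumption about the firewall's XML export format.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain">
  <network><interface><ethernet>
    <entry name="ethernet1/1"><layer3><dhcp-client>
      <enable>yes</enable><create-default-route>no</create-default-route>
    </dhcp-client></layer3></entry>
    <entry name="ethernet1/2"><layer3><dhcp-client>
      <enable>yes</enable>
    </dhcp-client></layer3></entry>
  </ethernet></interface></network>
  <vsys><entry name="vsys1"><rulebase><nat><rules>
    <entry name="db-to-web-snat"><source-translation><dynamic-ip-and-port>
      <interface-address><interface>ethernet1/2</interface></interface-address>
    </dynamic-ip-and-port></source-translation></entry>
  </rules></nat></rulebase></entry></vsys>
</entry></devices></config>
"""

def audit_db_firewall(xml_text, interfaces=("ethernet1/1", "ethernet1/2"),
                      snat_interface="ethernet1/2"):
    """Return a list of findings; an empty list means steps 3 and 5 check out."""
    root = ET.fromstring(xml_text)
    findings = []
    eth = {e.get("name"): e
           for e in root.findall(".//network/interface/ethernet/entry")}
    for name in interfaces:
        entry = eth.get(name)
        dhcp = entry.find("layer3/dhcp-client") if entry is not None else None
        if dhcp is None:
            findings.append(f"{name}: no layer3 DHCP client configured")
            continue
        # A missing element is treated as "yes" (conservative assumption).
        if (dhcp.findtext("create-default-route") or "yes").strip() != "no":
            findings.append(f"{name}: DHCP default route not disabled")
    snat = [r.get("name") for r in root.findall(".//rulebase/nat/rules/entry")
            if (r.findtext("source-translation/dynamic-ip-and-port/"
                           "interface-address/interface") or "").strip()
            == snat_interface]
    if not snat:
        findings.append(f"no source NAT rule translating to {snat_interface}")
    return findings

if __name__ == "__main__":
    for finding in audit_db_firewall(SAMPLE_CONFIG):
        print("FINDING:", finding)
```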
