the VM-Series Firewalls and the NetScaler VPX
On the AWS management console, launch the
firewalls, launch the load balancer, and edit the route tables you
added when you created the VPC.
Launch the firewalls and perform initial configuration.
Launch the firewalls. See Deploy the VM-Series Firewall on AWS for
system requirements and step-by-step instructions for launching
the firewall and performing initial configuration. For this use
case, you deploy four VM-Series firewalls on each AZ.
IP address assigned to the management interfaces (eth0) of each
firewall is as follows:
Establish an SSH connection to the IP address assigned
to the management interface and perform initial configuration on
the command line interface (CLI) of the VM-Series firewall.
Create and attach two ENIs to each firewall; these
interfaces will serve as the dataplane interfaces on each firewall.
Connect each ENI to the appropriate subnet and security group.
—The dataplane interface IP addresses
192.168.2.254 (to web farm)
192.168.0.254 (external connectivity for internet access)
192.168.0.50—Virtual IP address that will be used
for external access.
192.168.1.50—Subnet IP address that will be used for connecting
to the web farm within the VPC.
and associate Elastic IP Addresses for the firewall and the NetScaler VPX.
Assign Elastic IP Addresses to the interfaces that provide access
from the internet. In this example, the Elastic IP Addresses are
One EIP address maps to the management
interface of each of the four VM-Series firewalls.
With the exception of the VM-Series firewall that secures management access,
the Elastic IP address that maps to the management interface of
each VM-Series firewall will be used for out-of-band management.
One EIP address maps to the public-facing interface on the
VM-Series firewall that manages outbound access from the VPC.
Two EIP addresses map to the NetScaler VPX: one is associated
with the NetScaler IP address and the other is bound to the Virtual
Add a new route table, if you did not add
one when setting up the VPC.
a new route that directs all traffic from the web farm to the ENI
that is attached to the web server subnet on the VM-Series firewall
Create and attach the internet gateway to the main
router on the VPC to allow outbound internet access from the VPC.
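
The route-table step above is the one that actually forces web farm traffic through the firewall, so it is worth checking after any change. The following is an added example, not part of the original procedure: it audits JSON in the shape returned by `aws ec2 describe-route-tables` and reports web subnets whose default route does not target a firewall ENI. All subnet, ENI, gateway and route table IDs are constructed placeholders.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-route-tables`.
# Every ID below is a placeholder, not a value from the page.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-web-EXAMPLE",
   "Associations": [{"SubnetId": "subnet-web-EXAMPLE", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-fw-web-EXAMPLE", "State": "active"}]},
  {"RouteTableId": "rtb-bypass-EXAMPLE",
   "Associations": [{"SubnetId": "subnet-web2-EXAMPLE", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}]}
]}
""")


def audit_web_routes(doc, web_subnets, firewall_enis):
    """Return findings for web subnets whose default route skips the firewall."""
    findings, seen = [], set()
    for table in doc.get("RouteTables", []):
        subnets = {a.get("SubnetId") for a in table.get("Associations", [])}
        covered = subnets & set(web_subnets)
        if not covered:
            continue
        seen |= covered
        defaults = [r for r in table.get("Routes", [])
                    if r.get("DestinationCidrBlock") == "0.0.0.0/0"
                    and r.get("State") == "active"]
        for subnet in sorted(covered):
            if not defaults:
                findings.append((subnet, table["RouteTableId"], "no active default route"))
            for r in defaults:
                target = r.get("NetworkInterfaceId") or r.get("GatewayId") or r.get("NatGatewayId")
                if r.get("NetworkInterfaceId") not in firewall_enis:
                    findings.append((subnet, table["RouteTableId"],
                                     f"default route targets {target}, not a firewall ENI"))
    # Subnets with no explicit association fall back to the VPC main route table.
    for subnet in sorted(set(web_subnets) - seen):
        findings.append((subnet, None, "no explicit route table association (uses main table)"))
    return findings

if __name__ == "__main__":
    web = ["subnet-web-EXAMPLE", "subnet-web2-EXAMPLE"]
    for finding in audit_web_routes(SAMPLE, web, {"eni-fw-web-EXAMPLE"}):
        print(finding)
```

A subnet flagged as using the main table should be checked by hand, because the main route table is often the one that holds the internet gateway route.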