SQS Messaging Between the Application Template and Firewall Template (v2.0)

Post a message to the SQS URL to enable the lambda function in the firewall template to learn about a new network load balancer.
So that the VM-Series firewalls deployed using the firewall-v2.0.template can detect and send traffic to the network load balancers to which you want to automatically distribute incoming traffic, the firewall template includes a lambda function that monitors a Simple Queue Service for messages. The message allows the lambda function to learn about a new network load balancer and then automatically create a NAT policy rule on the firewall to send traffic to the IP address of the network load balancer. In order to route traffic properly within the AWS infrastructure, the message must also include basic information on the DNS, VPC ID, and the AZ to which the network load balancer belongs.
If you are building your own application template, you must set up your application template to post two types of messages to the SQS URL that the firewall template in the VM-Series autoscaling template version 2.0 uses to learn about network load balancers to which it must distribute traffic in your environment:
  • ADD-NLB message that informs the firewalls when a new network load balancer is available.
  • DEL-NLB message that informs the firewalls when a network load balancer has been terminated and is no longer available.
The following examples of each message type includes sample values. You need to modify these message with values that match your deployment.
ADD-NLB Message
msg_add_nlb= { 'MSG-TYPE': 'ADD-NLB', 'AVAIL-ZONES': [{'NLB-IP':'192.168.2.101', 'ZONE-NAME':'us-east-2a', 'SUBNET-ID': 'subnet-2a566243'}, {'NLB-IP':'192.168.12.101', 'ZONE-NAME':'us-east-2b', 'SUBNET-ID': 'subnet-2a566243 '}], 'DNS-NAME': 'publicelb1-2119989486.us-east-2.elb.amazonaws.com', 'VPC-ID': 'vpc-42ba9f2b', 'NLB-NAME': 'publicelb1' }
DEL-NLB Message
msg_del_nlb= { 'MSG-TYPE': 'DEL-NLB', 'DNS-NAME': 'publicelb1-2119989486.us-east-2.elb.amazonaws.com', }
Refer to the AWS documentation for details on how to send a message to an Amazon SQS Queue, or review the describe_nlb_dns.py in the sample application template package to see how the application template constructs the messages.

Related Documentation