A Cloud Guru Hands-on Lab
Implementing AWS Network Firewall
In this lab, we will deploy AWS Network Firewall into a VPC and then configure the environment so that an EC2 instance can reach a permitted website on the internet while web traffic to any other site is dropped by the firewall. To complete this lab, you must be familiar with the AWS Management Console and understand what AWS Network Firewall is and the capabilities it offers.
Challenge
Create Firewall Subnet in VPC
In this objective, we will create a new subnet for the Network Firewall and associate it with the firewall route table created as part of this lab. Keep this subnet dedicated to the firewall endpoint and do not launch workloads in it.
Subnet Creation
VPC ID = FirstVPC
Subnet name = FirewallSubnet
Availability Zone = us-east-1a
IPv4 CIDR block = 10.0.0.0/28
Associate with the Route Table
Route table ID = FirewallSubnetRouteTable
Challenge
Reconfigure Route Tables to Permit Sending Traffic Destined for the Internet to the Network Firewall
In this objective, we configure the private subnet route table to send all traffic that is not destined for the VPC to the firewall endpoint. That endpoint only exists once the firewall itself has been created in a later objective, so create the rule group, policy and firewall first and confirm the firewall shows a status of Ready before editing these routes.
Edit = FirstVPCRTPrivate
Add Default Route Information
Destination = 0.0.0.0/0
Target = Gateway Load Balancer Endpoint; choose the VPC endpoint that Network Firewall created in FirewallSubnet. This is your firewall endpoint.
Next, we need to associate the InternetRouteTable with the internet gateway. An edge association makes this route table apply to traffic entering the VPC through the gateway, so packets bound for the private subnet pass through the firewall instead of being delivered straight to the instance.
Under Edge associations: Edit = add the IGW called FirstIGW
Add Route to InternetRouteTable
Destination = 10.0.1.0/24
Target = Gateway Load Balancer Endpoint; choose the same firewall VPC endpoint as above.
Challenge
Test Access from EC2 Instance
In this objective, you will test internet connectivity from the EC2 instance to an allowed website and to a denied one. acloudguru.com matches the .acloudguru.com entry in the WebsiteWhiteList domain list, so the request below should succeed. A request to any other domain should hang until curl gives up rather than be refused, because the firewall silently drops the non-matching flow.
Log into the EC2 instance using the credentials provided in the lab.
Issue the following command:
curl acloudguru.com
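The lab shows only the allowed request. The script below is an added example, not part of the A Cloud Guru lab, that runs both checks from the EC2 instance: pass it the allowed host and any host that is not on the list (example.com is assumed here). It encodes two things worth knowing about the setup: the leading dot in the .acloudguru.com entry matches the domain and all of its subdomains, and a stateful drop shows up as a curl timeout rather than a refused connection, so the script maps curl's exit codes to what they mean behind the firewall. The script name check_egress.sh and the 10-second timeout are assumptions.

```shell
#!/bin/sh
# Added example, not part of the A Cloud Guru lab: run on the EC2 instance to
# check an allowed and a denied site through the Network Firewall.
#   sh check_egress.sh acloudguru.com example.com
# example.com is assumed not to be in the WebsiteWhiteList domain list.
set -eu

CURL_TIMEOUT=10                    # seconds; a dropped flow never answers, so bound the wait
ALLOWED_SUFFIX=".acloudguru.com"   # the WebsiteWhiteList domain list entry

# What the lab's rule group should produce for a host. The leading dot in a
# domain-list entry means the domain itself and every subdomain of it, so
# learn.acloudguru.com is allowed but notacloudguru.com is not.
expected_verdict() {
    case ".$1" in
        *"$ALLOWED_SUFFIX") echo "allowed" ;;
        *)                  echo "blocked-timeout" ;;
    esac
}

# Translate a curl exit code into what it means behind a stateful domain
# allow list. The firewall drops rather than rejects, so a blocked site
# shows up as a timeout, never as "connection refused".
classify_curl_exit() {
    case "$1" in
        0)     echo "allowed" ;;          # request completed
        28)    echo "blocked-timeout" ;;  # HTTP request or TLS ClientHello was dropped
        6)     echo "dns-failure" ;;      # name did not resolve; the HTTP/HTTPS list does not filter DNS
        7)     echo "unreachable" ;;      # TCP never connected: check the route tables first
        35|56) echo "reset" ;;            # connection torn down: a reject rule, or the remote end
        *)     echo "unexpected-$1" ;;
    esac
}

# Fetch http:// and https:// for one host and compare with the expectation.
# Returns 1 if either observation disagrees with the rule group's intent.
check_domain() {
    host="$1"; want="$(expected_verdict "$host")"; status=0
    for scheme in http https; do
        rc=0
        curl -s -o /dev/null --max-time "$CURL_TIMEOUT" "$scheme://$host/" || rc=$?
        got="$(classify_curl_exit "$rc")"
        printf '%-40s expected %-15s got %s\n' "$scheme://$host/" "$want" "$got"
        [ "$got" = "$want" ] || status=1
    done
    return "$status"
}

# Check every host given on the command line; exit non-zero on any mismatch.
run_checks() {
    failed=0
    for host in "$@"; do
        check_domain "$host" || failed=1
    done
    return "$failed"
}

# Only touch the network when hosts are given, so the functions can be sourced.
if [ "$#" -gt 0 ]; then
    run_checks "$@"
fi
```

Run it only after the firewall is Ready and both route tables have been edited; an exit status of 0 means every host behaved as the allow list intends. An "unreachable" verdict for the allowed host points at the routing objective, not at the rule group.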
Challenge
Create Network Firewall Rule Group
In this objective, we create the firewall rule group. The entry .acloudguru.com, with its leading dot, matches acloudguru.com and every subdomain of it. Because the action is Allow, Network Firewall also generates rules that drop HTTP and HTTPS traffic to any domain not on the list. Note that the capacity (10 here) cannot be changed after the rule group is created.
Network firewall rule groups
Rule group type = Stateful rule group
Name = WebsiteWhiteList
Capacity = 10
Stateful rule group options = Domain list
Rule order = Default
Domain name source = .acloudguru.com
Source IPs type = Default
Protocols = HTTP and HTTPS
Action = Allow
Challenge
Create Firewall Policy
In this objective, we create the firewall policy and link it to the rule group created in the previous objective.
Firewall Policies
Name = TestFirewall-{6randomnumbers}-Policy
Stream exception policy = Drop (fail closed: flows the stateful engine picks up midstream are dropped rather than passed through uninspected)
Stateless Default Actions
Choose how to treat fragmented packets = Use the same actions for all packets
Action = Forward to stateful rule groups
Stateful Rule Evaluation Order and Default Actions
Rule order = Default
Stateful Rule Group
Add = WebsiteWhiteList
Challenge
Create Network Firewall
In this objective, we create the network firewall and link it to the firewall policy created previously. Creating the firewall provisions a VPC endpoint in FirewallSubnet; that endpoint is the target the route tables point at, so wait for the firewall status to show Ready before moving on to the routing objective.
Firewalls
Name = TestNWFW-{6randomnumbers} (use the same six numbers as in the policy name for consistency)
VPC = FirstVPC
Firewall Subnets
Availability Zone = us-east-1a
Subnet = FirewallSubnet
IP address type = IPv4
Associated Firewall Policy
Associate an existing firewall policy = Choose policy you created above