Prerequisites and Requirements

In order to use a Netgate appliance instance to protect your VPC subnets, you will need the following:

  • A VPC.

  • One internet facing (public subnet), which the Netgate appliance instance will have its primary/WAN interface connected to.

  • One or more private subnets, which the Netgate appliance instance will have its secondary/LAN interface (and possibly additional optional interfaces) connected to.

  • Separate routing tables for the internet-facing subnet and the private subnet(s).

  • Separate security groups for the internet-facing subnet and the private subnet(s).

  • An elastic IP or Public IP for the WAN interface of the appliance.

For the purposes of this guide, your VPC will contain two subnets (public and private) as well as an Internet Gateway. The end result should look like the following diagram:

../_images/aws-vpc-diagram.png

Architecture Diagram

If you already have all of these in place with an existing VPC, feel free to skip ahead to Launching an Instance.