Enabling Enhanced Networking with the Elastic Network Adapter (ENA)¶
To enable enhanced networking on AWS, Netgate® pfSense® Firewall/VPN/Router must be version 2.4.1 or above. Use the update wizard in the pfSense console to perform the update if necessary and then ENA can be enabled. Enabling ENA is outlined in the steps below:
Updating the Netgate pfSense Firewall/VPN/Router will force it to reboot and cause a disruption in service. Be sure to perform the update during a maintenance cycle.
Install AWS CLI. Documentation on the installation and use of AWS CLI can be found at https://aws.amazon.com/cli/
Determine the Instance ID for the pfSense Instance from the EC2 Console.
Stop the instance using Amazon EC2 console.
Enable the enhanced networking attribute by executing the following AWS CLI command:
aws ec2 modify-instance-attribute --instance-id i-042c16b65423b7dac --ena-support
Use the EC2 Console to start the pfSense Instance. Once the pfSense Instance has started, confirm that EnaSupport is enabled by executing the following AWS CLI command:
aws ec2 describe-instances --instance-ids i-042c16b65423b7dac --query 'Reservations.Instances.EnaSupport' [ true ]
Change the pfSense Instance Type to one that supports Enhanced Networking using the EC2 console. After selecting an Instance Type that supports Enhanced Networking use the EC2 console to stop the pfSense Instance.
To review the Instance Types please see: https://aws.amazon.com/ec2/instance-types/.
Once the pfSense Instance has stopped, use the EC2 Console to select the pfSense Instance and then under the Actions button select Instance Settings > Change Instance Type and select a new Instance Type.
In the EC2 Console the pfSense Instance should now show an Instance Type of m4.xlarge.
Using the EC2 console select the pfSense Instance and then under the Actions button select Instance State > Start.