Tested Configurations

Various topologies may be possible to establish using the AWS VPC Configuration Wizard. This section enumerates some of the configurations that were successfully tested.

Platforms

  • Various hardware platforms.

  • 64-bit virtual machines in VMware vSphere/ESX.

  • Amazon EC2 instances (Xen virtual machines) of the Netgate® pfSense® Plus Router/Firewall/VPN AWS AMI.

Local network/routing configurations

  • pfSense® Plus with a public address configured on the WAN interface.

  • pfSense® Plus with a private address configured on the WAN interface behind a 1:1 NAT.

  • pfSense® Plus with a private address configured on the WAN interface behind a PAT (1:many NAT).

VPC Topologies

  • pfSense® Plus connected to a single VPC.

  • pfSense® Plus connected to multiple VPCs in different regions.

  • Amazon EC2 instance of the Netgate pfSense® Plus Router/Firewall/VPN AWS AMI connected to a VPC belonging to the same AWS account in a different region.

  • Amazon EC2 instance of the Netgate pfSense® Plus Router/Firewall/VPN AWS AMI connected to a VPC belonging to a different AWS account in the same region.

The configuration recommended for the greatest amount of stability is to have a public IPv4 address directly configured on the WAN interface of the firewall, but VPNs have been successfully established under all of the conditions listed above.

Whether any of these solutions is appropriate should be evaluated in the context of personal needs and existing infrastructure. Other configurations not listed above may be possible as well.