Launching an Instance

These instructions cover how to launch a new instance of the Netgate® TNSR® appliance from the Amazon EC2 Management Console.

  1. Log in to AWS, for example by navigating to https://console.aws.amazon.com/

    Note

    This URL may be different if using other login functions, such as an IAM role or SSO authentication.

  2. Select the region for the instance to run in:

    • Click the current Region name near the upper right corner of the page

    • Select a new region if necessary

  3. Navigate to the EC2 console

    • Click Services near the top left corner of the page

    • Click Compute on the left navigation menu

    • Click EC2 on the main section of the menu

  4. Enter the Launch Instance Wizard

    • Click the Launch Instance button to open the Launch Instance menu

      This button is in the Launch Instance section which is located under the Resources section of the EC2 dashboard.

    • Click Launch Instance from the menu

  5. Give the new instance a Name, such as TNSR

    Optionally, click Add Additional Tags to create more tags which can be used to identify and locate this instance.

  6. Type Netgate TNSR in the search box and press Enter.

  7. Select AWS Marketplace AMIs if it is not automatically highlighted

  8. Click the Select button for the Netgate TNSR vRouter entry in the search results.

  9. Review pricing and other helpful information, then click Continue.


    Note

    TNSR software is also available with an annual subscription instead of hourly. The annual subscription may be purchased from the AWS Marketplace.

    Information about support can be found on the Support Resources page.

  10. Choose an Instance Type from the drop-down, then click Next

    See also

    For guidance on which instance type to choose, see Supported EC2 Instance Types.

  11. Configure an SSH Key Pair

    The Key Pair section of the form sets the SSH key pair used by an SSH client when it connects to the TNSR instance for management.

    For an existing key pair:

    • Click Key pair name

    • Search for and select an existing key pair entry

    To create a new key pair:

    • Click Create new Key Pair

    • Enter a Key pair name, such as TNSR SSH Key

    • Select a Key Pair Type and Private Key Format

      The chosen type and format must be compatible with whichever local SSH client will be used by TNSR administrators.

    • Click Create key pair

    • Select a location to save the key pair locally

  12. Click Edit under Network Settings to allow making changes for the next few steps.

  13. Configure Security Groups

    The default security group only includes a rule to allow SSH. Since this group is for the management interface, allowing additional traffic is unlikely to be necessary, but there are still a few changes to make:

    • Click Create security group under Firewall (security groups)

    • Enter a Security group name, such as TNSR Management, or leave it at the default automatic value.

    • Enter a Description for the group, or leave it at the default value.

    • Set the Source type on the default rule for SSH to My IP to restrict SSH access to the public address used by the person launching the instance.

      This is optional, but more secure. If the address is not static, restricting the source may not be viable. Setting the value to Anywhere allows SSH clients to connect from any source (0.0.0.0/0). While not ideal, allowing SSH connections from anywhere is acceptable because the default TNSR for AWS setup only allows key-based SSH authentication, which is resistant to brute-force attacks.

  14. Configure Network and Interfaces

    • Select the VPC in which to launch the instance

    • Click Advanced Network Configuration to expand the network interface list

    • Select the Management subnet as the subnet for Network Interface 1

    • Click the Add Network Interface button

    • Select the WAN subnet as the subnet for Network Interface 2

    • Click the Add Network Interface button

    • Select the LAN subnet as the subnet for Network Interface 3

  15. Configure storage

    If this instance will require more than the default 8 GiB disk, increase the value in the Configure Storage section.

  16. Verify the settings selected in earlier steps and review any errors or recommendations displayed by AWS

  17. Click Launch instance in the Summary box on the right side
