Prerequisites and Requirements

Using a Netgate® appliance instance to protect VPC subnets requires the following:

  • Setup can take 30 minutes to two hours, depending on the user’s familiarity with the tools.

  • An AWS Account.

  • Familiarity with AWS networking.

  • A VPC.

  • One internet-facing subnet, to which the Netgate appliance instance will have its internet-facing WAN interface connected.

  • Two or more private subnets, to which the Netgate appliance instance will have its host management interface, client-facing LAN interface, and possibly additional optional interfaces connected.

  • Separate routing tables for the internet-facing subnet and the private subnets.

  • Separate security groups for the internet-facing subnet and the private subnets.

  • An elastic IP address or public IP address for the WAN interface of the appliance.

For the purposes of this guide, the VPC will contain three subnets (one public and two private) as well as an Internet Gateway. The end result should look like the following diagram:

[Figure: Architecture Diagram]

If all of these are already in place with an existing VPC, feel free to skip ahead to Launching an Instance.
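One way to confirm an existing VPC meets the subnet and routing-table requirements above. This is an added example, not part of the Netgate guide. It assumes input shaped like the `RouteTables` list returned by `aws ec2 describe-route-tables`; the function names and all IDs and CIDRs are constructed for illustration.

```python
# Added example. Input mirrors the "RouteTables" list from
# `aws ec2 describe-route-tables`; all IDs below are constructed samples.

def classify_subnets(route_tables):
    """Return {subnet_id: (route_table_id, "public" | "private")}."""
    subnets = {}
    for rt in route_tables:
        # Internet-facing: the default route targets an Internet Gateway.
        public = any(
            r.get("DestinationCidrBlock") == "0.0.0.0/0"
            and str(r.get("GatewayId", "")).startswith("igw-")
            for r in rt.get("Routes", [])
        )
        # Only explicit associations carry a SubnetId; subnets that fall
        # back to the VPC main route table are not covered here.
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc:
                subnets[assoc["SubnetId"]] = (
                    rt["RouteTableId"], "public" if public else "private")
    return subnets

def check_layout(route_tables):
    """Return a list of problems; an empty list means the layout fits."""
    kinds = [kind for _, kind in classify_subnets(route_tables).values()]
    problems = []
    if kinds.count("public") < 1:
        problems.append("no internet-facing subnet for the WAN interface")
    if kinds.count("private") < 2:
        problems.append("fewer than two private subnets; a subnet sharing "
                        "the internet-facing route table counts as public")
    return problems

IGW_ROUTE = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}
LOCAL_ROUTE = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}

GOOD = [
    {"RouteTableId": "rtb-public", "Routes": [LOCAL_ROUTE, IGW_ROUTE],
     "Associations": [{"SubnetId": "subnet-wan"}]},
    {"RouteTableId": "rtb-private", "Routes": [LOCAL_ROUTE],
     "Associations": [{"SubnetId": "subnet-mgmt"}, {"SubnetId": "subnet-lan"}]},
]
# LAN subnet mistakenly associated with the internet-facing table.
BAD = [
    {"RouteTableId": "rtb-public", "Routes": [LOCAL_ROUTE, IGW_ROUTE],
     "Associations": [{"SubnetId": "subnet-wan"}, {"SubnetId": "subnet-lan"}]},
    {"RouteTableId": "rtb-private", "Routes": [LOCAL_ROUTE],
     "Associations": [{"SubnetId": "subnet-mgmt"}]},
]

if __name__ == "__main__":
    print(check_layout(GOOD), check_layout(BAD))
```

A private subnet that ends up on the internet-facing route table is reported as public, which is the misconfiguration that separate routing tables are meant to prevent.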