Deploying NG Firewall in Amazon AWS

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search

Overview

Untangle NG Firewall supports deployment via Amazon Web Services (AWS). Untangle NG Firewall for AWS is a 64-bit Amazon Machine Image (AMI) that is launched and managed from the AWS Management Console. This deployment option is useful for example in decentralized network environments that need to route through a remote gateway to enforce policy management, reporting, content filtering, and other types of network security.

Getting Started

Step 1: Select an instance type

Before launching Untangle NG Firewall for AWS, it is necessary to determine the type of licensing model and infrastructure that is appropriate for your intended usage.

Licensing

Untangle NG Firewall for AWS is available in the AWS Marketplace as a Bring-Your-Own-License (BYOL) type of offering. This option enables you to select your preferred license type and apply it in a similar way to the software or virtual appliance deployment types.

Infrastructure

AWS instances are available in different sizes to accommodate the performance requirements of your deployment. The instance types and their associated costs are outlined in the pricing Information section of the AWS Marketplace overview page. The table below provides general guidance to help you identify which instance type to choose based on your intended usage.

Instance Type Specifications Max devices (suggested)
Small 1 vCPU core

2 GB memory

Up to 50 devices
Medium 2 vCPU cores

4 GB memory

Up to 150 devices
Large 2 vCPU cores

8 GB memory

Up to 500 devices
Extra Large 4 vCPU cores

16 GB memory

Up to 5000 devices

Step 2: Add a subscription

Untangle NG Firewall listing in AWS marketplace
Untangle NG Firewall subscription listing in AWS marketplace

Once you have selected a licensing option and instance type, you must add the subscription to your AWS account. This enables you to launch the Untangle NG Firewall instance from the AWS Management Console. Add the subscription by clicking Continue to Subscribe from the AWS Marketplace overview page.

Step 3: Prepare your Virtual Private Cloud (VPC)

A VPC is the virtual networking environment where your AWS instances reside. The quickest way to deploy Untangle NG Firewall for AWS is to launch the instance into the default VPC. In the default VPC configuration AWS automatically configures the required components including the gateway, subnets, and routing.

Deploying the Untangle NG Firewall into the default VPC configuration requires that all hosts route through the appliance via a VPN tunnel. For advanced scenarios involving custom VPCs and routing via network interfaces, refer to Configuring NG Firewall for AWS using routed subnets.

Step 4: Launch the Untangle NG Firewall Instance

To launch Untangle NG Firewall into your VPC:

Untangle NG Firewall AMI listing in AWS marketplace
  1. Click Launch Instance from the EC2 Dashboard in the EC2 Management Console.
  2. Click AWS Marketplace from the menu on the left and search for “Untangle”.
  3. Locate the license option you previously subscribed to and click Select.
  4. Review the product and pricing details and click Continue.
  5. Select the instance type that suits your needs and click Next: Configure Instance Details.
  6. If necessary, adjust the settings of your instance. For simple deployment, make sure the Network matches your default VPC and click Next: Add Storage.
  7. If necessary, increase the storage Size and click Next: Add Tags.
  8. If necessary, assign a tag to help you identify and manage this instance. Click Next: Configure Security Group.
  9. Select Create new security group and assign it a name and description. Set the Type to “All traffic” and Source to “Anywhere”. Click Next: Review and Launch.
  10. Review the summary of your instance and click Launch.
The default storage size is sufficient for light usage. Increase the storage size if you expect more than 50 hosts or if you wish to retain reporting data beyond the default value of seven days. Refer to the Performance Guide for tips to reduce the system requirements.

Step 5: Allocate a static IPv4 Address

AWS maps Internet routable IPv4 addresses to your instances dynamically from a pool of addresses. This means that the Internet routable IPv4 address assigned to your instance might change after a reboot or lease expiration. To ensure that your instance maintains the same IPv4 address, you can allocate an Elastic IP Address.

  1. Navigate to the Elastic IPs area of the EC2 Management Console.
    Allocating and associating an elastic IP
  2. Click Allocate new address and continue through the prompts.
  3. Once the IPv4 address is allocated, select it from the list and click ActionsAssociate address.
  4. In the Associate address screen, select your Untangle NG Firewall instance and click Associate.

Step 6: Connect to your instance

To connect to your instance:

  1. Review the status of your Untangle NG Firewall appliance in the Instances area of the EC2 Management Console.
    Instances in AWS management console
  2. Confirm the Instance State is “running”.
  3. Take note of your Instance ID and Public DNS address.
  4. Open a new browser window and connect via HTTPS to your Public DNS address.
  5. Accept the self-signed SSL certificate and proceed to the URL.
  6. At the Untangle NG Firewall login prompt enter the Instance ID as the password and click Login.

Step 7: Configure Untangle NG Firewall for AWS

After you log in to your Untangle NG Firewall for the first time, select the language and proceed with the initial configuration provided by the Setup Wizard.

Setup Wizard

  1. On the first step of the wizard, configure a new administrative password, notification email address, install type, and timezone. Click Network Cards to proceed.
    Setup Wizard step one - Configure the server
  2. On the Identify Network Cards step, choose Continue anyway. Click Internet Connection to proceed.
    Setup Wizard step two - Identify network cards
  3. On the Configure the Internet Connection step, confirm the Auto (DHCP) selection for the Configuration type and review the Status. Click Auto Upgrades to proceed.
    Setup Wizard step three - Configure the Internet connection
  4. On the Configure Automatic Upgrade Settings step, review the automatic upgrades and Untangle Cloud connection options. We recommend enabling both options. Click Finish to complete the wizard.
To simplify the VPC deployment, Untangle NG Firewall for AWS requires only a single network interface. The internal network interfaces associate to each VPN tunnel or connection.