The following firewall configuration was used in the sample deployment.
In AWS the following components are required to programmatically create the firewall infrastructure:
AWS Network Firewall - This represents the firewall that is deployed in AWS and is associated with a VPC. The firewall can be deployed in various models depending on the requirements. In this sample deployment, the firewall is deployed in a public subnet to inspect all ingress and egress traffic.
Firewall Policy - The policy is assigned to a firewall and contains the desired rules and behavior of the firewall. Rules are created as part of the rule groups.
Firewall Rule Groups - Firewall rules are either stateless or stateful. Once the rule groups are created, they are associated with a policy. Details of the rules are beyond the scope of this document.
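The relationship between the three components above, written as a Terraform configuration. This is an added example, not QMCLOUD output or the sample deployment's own configuration; the resource names, the two input variables and the allowlisted domain are assumptions chosen for illustration.

```hcl
# Added illustration: names, variables and the sample domain are assumptions.
variable "vpc_id" { type = string }             # VPC the firewall is associated with
variable "firewall_subnet_id" { type = string } # public subnet hosting the firewall

# 1. Rule group (stateful here). The rule content is a constructed placeholder.
resource "aws_networkfirewall_rule_group" "egress_allowlist" {
  name     = "sample-egress-allowlist"
  type     = "STATEFUL"
  capacity = 100

  rule_group {
    rules_source {
      rules_source_list {
        generated_rules_type = "ALLOWLIST"
        target_types         = ["HTTP_HOST", "TLS_SNI"]
        targets              = [".example.com"]
      }
    }
  }
}

# 2. Policy: references the rule group and sets the default stateless behavior.
resource "aws_networkfirewall_firewall_policy" "sample" {
  name = "sample-policy"

  firewall_policy {
    # Hand packets that match no stateless rule to the stateful engine.
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:forward_to_sfe"]

    stateful_rule_group_reference {
      resource_arn = aws_networkfirewall_rule_group.egress_allowlist.arn
    }
  }
}

# 3. Firewall: bound to the policy, the VPC and the subnet it is deployed in.
resource "aws_networkfirewall_firewall" "sample" {
  name                = "sample-firewall"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.sample.arn
  vpc_id              = var.vpc_id

  subnet_mapping {
    subnet_id = var.firewall_subnet_id
  }
}
```

The firewall inspects only traffic that the VPC route tables send through its endpoint; that routing is not shown here.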
The following diagram depicts the appropriate connections. QMCLOUD offers an "Auto Connections" feature that automatically makes the most commonly used connections on the canvas, reducing the effort required by end users.
Configuration and connection for AWS Firewall and its associated components