# Firewall configuration

In AWS the following components are required to programmatically create the firewall infrastructure:

AWS Network Firewall - This represents the firewall that is deployed in AWS and is associated with a VPC. The firewall can be deployed in various models depending on the requirements. In this sample deployment, the firewall is deployed in a public subnet to inspect all ingress and egress traffic&#x20;

Firewall Policy - The policy is assigned to a firewall and contains the desired rules and behavior of the firewall. Rules are created as part of the rule groups.

Firewall Rule Groups - Firewall rules are either stateless or stateful. Once the rule grops are created, they are associated with a policy. Details of the rules are beyond the scope of this document.

**Connections:**

The following diagram depicts the appropriate connections. QMCLOUD offers "Auto Connections" feature that connects most commonly used connections on the canvas automatically thus reducing the effort required by the end users.

<figure><img src="/files/NcwAfGQzfKfoZa2iFh0n" alt=""><figcaption><p>Configuration and connection for AWS Firewall and its associated components</p></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.qmcloud.io/examples/deploy-aws-firewall-and-networking-with-qmcloud/firewall-configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.