Create Firewall

Create Firewall:

In this activity you will create a firewall to inspect and filter your network traffic. A firewall connects the inspection rules in the firewall policy to the VPC that the rules protect.

Step 1 : Create firewall:
  • Go to VPC > Amazon Network Firewall > Firewalls and click on Create firewall
  • Under Firewall details:
    • Specify Name
    • Under VPC, select inspection-vpc
    • Under Availability Zone, select the respective zones
    • Under Subnet select inspection-vpc-firewall-subnet-a and inspection-vpc-firewall-subnet-b and click on Next
  • Under Associated firewall policy:
    • Select Associate an existing firewall policy and select inspection-firewall-policy-anfw-centralized
  • Add tags (optional) and click Create Firewall:
  • At this point, you should have a firewall that is being provisioned. Be patient, this can take some time.

Configure Logging:

While your firewall is being provisioned, let's configure logging:

  • Scroll down to Logging and click on Edit:
  • Under Edit firewall logging configuration:

    • For Log type select both Alert and Flow
    • Under Log destination for alerts select CloudWatch log group and select /anfw-centralized/inspection-fw/alert
    • Under Log destination for flows select CloudWatch log group and select /anfw-centralized/inspection-fw/flow

    and click Save:

At this point, you should have a firewall in Ready state:

Be patient, it can take some time for the firewall to provision.

Retrieve firewall endpoint ids:

Once the firewall is in Ready state, we need to retrieve the firewall endpoint ids. These are the endpoints created in inspection-vpc that will be used as route targets to send traffic to your firewall:
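The three steps above (create the firewall, attach alert and flow logging, read back the per-AZ endpoint ids) can also be done with the Network Firewall API. The following is an added example written for this page, not workshop or AWS code. It uses the log group names from the page; the policy ARN, VPC id and subnet ids are placeholders you must replace, and the describe_firewall response it parses is a constructed sample so the parsing logic runs offline. The three protection flags in the create request are a hardening choice not listed in the console steps, and the parser refuses to return endpoint ids until every attachment is READY, which is the check the console screenshot at this point stands for. boto3 is only imported in the live path.

```python
"""Automate: create firewall -> configure logging -> retrieve endpoint ids (added example)."""
from __future__ import annotations
import time
from typing import Dict, List

# Names taken from the page; ARN, VPC and subnet ids are placeholders (assumptions).
FIREWALL_NAME = "inspection-fw"
POLICY_ARN = "arn:aws:network-firewall:REGION:ACCOUNT:firewall-policy/inspection-firewall-policy-anfw-centralized"
VPC_ID = "vpc-PLACEHOLDER"                                   # inspection-vpc
FIREWALL_SUBNETS = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"]  # firewall-subnet-a / -b
ALERT_LOG_GROUP = "/anfw-centralized/inspection-fw/alert"
FLOW_LOG_GROUP = "/anfw-centralized/inspection-fw/flow"


def create_firewall_request(name: str, policy_arn: str, vpc_id: str, subnet_ids: List[str]) -> dict:
    """Build the CreateFirewall request: one SubnetMapping per firewall subnet (one per AZ)."""
    return {
        "FirewallName": name,
        "FirewallPolicyArn": policy_arn,
        "VpcId": vpc_id,
        "SubnetMappings": [{"SubnetId": s} for s in subnet_ids],
        # Not in the console steps: guard the inspection point against accidental
        # deletion, subnet removal or a silent policy swap.
        "DeleteProtection": True,
        "SubnetChangeProtection": True,
        "FirewallPolicyChangeProtection": True,
    }


def logging_configuration(alert_group: str, flow_group: str) -> dict:
    """Both log types, as the page requires: ALERT (rule hits) and FLOW (every flow)."""
    def dest(log_type: str, group: str) -> dict:
        return {"LogType": log_type, "LogDestinationType": "CloudWatchLogs",
                "LogDestination": {"logGroup": group}}
    return {"LogDestinationConfigs": [dest("ALERT", alert_group), dest("FLOW", flow_group)]}


def endpoint_ids_by_az(describe_response: dict) -> Dict[str, str]:
    """Map availability zone -> firewall endpoint id from a DescribeFirewall response.

    Raises unless the firewall and every per-AZ attachment are READY, so a caller
    never programs a route towards an endpoint that does not exist yet.
    """
    status = describe_response["FirewallStatus"]
    if status.get("Status") != "READY":
        raise RuntimeError(f"firewall status is {status.get('Status')!r}, not READY")
    endpoints: Dict[str, str] = {}
    for az, state in status["SyncStates"].items():
        attachment = state["Attachment"]
        if attachment.get("Status") != "READY":
            raise RuntimeError(f"attachment in {az} is {attachment.get('Status')!r}")
        endpoints[az] = attachment["EndpointId"]
    return endpoints


# Constructed DescribeFirewall response used for the offline run (not real output).
SAMPLE_DESCRIBE = {
    "Firewall": {"FirewallName": FIREWALL_NAME, "VpcId": VPC_ID},
    "FirewallStatus": {
        "Status": "READY",
        "ConfigurationSyncStateSummary": "IN_SYNC",
        "SyncStates": {
            "us-east-1a": {"Attachment": {"SubnetId": FIREWALL_SUBNETS[0],
                                          "EndpointId": "vpce-0aaa0000000000001", "Status": "READY"}},
            "us-east-1b": {"Attachment": {"SubnetId": FIREWALL_SUBNETS[1],
                                          "EndpointId": "vpce-0bbb0000000000002", "Status": "READY"}},
        },
    },
}


def provision_live(region: str, poll_seconds: int = 30) -> Dict[str, str]:
    """Live path (needs credentials): create, configure logging, wait, return endpoint ids."""
    import boto3  # imported here so the offline helpers above have no AWS dependency
    nfw = boto3.client("network-firewall", region_name=region)
    nfw.create_firewall(**create_firewall_request(FIREWALL_NAME, POLICY_ARN, VPC_ID, FIREWALL_SUBNETS))
    nfw.update_logging_configuration(
        FirewallName=FIREWALL_NAME,
        LoggingConfiguration=logging_configuration(ALERT_LOG_GROUP, FLOW_LOG_GROUP))
    while True:  # no boto3 waiter exists for this service, so poll until READY
        try:
            return endpoint_ids_by_az(nfw.describe_firewall(FirewallName=FIREWALL_NAME))
        except RuntimeError as still_provisioning:
            print(f"waiting: {still_provisioning}")
            time.sleep(poll_seconds)


if __name__ == "__main__":
    for az, vpce in endpoint_ids_by_az(SAMPLE_DESCRIBE).items():
        print(f"{az}: {vpce}")  # each id becomes the route target for that AZ's subnets
```

Keep the AZ in the returned mapping: each endpoint id should only be used as a route target for subnets in the same availability zone, otherwise traffic crosses zones to reach the firewall.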