Create Firewall Policy

Create Firewall Rule Group:

In this activity you will create two rule groups:

  1. Alerting ICMP traffic
  2. Domain filter

Step 1: Create ICMP rule group:

  • Go to VPC > Amazon Network Firewall > Network Firewall rule groups and click on Create Network Firewall rule group
  • Under Rule group type:
    • Select Stateful rule group
    • Specify Name
    • Set Capacity to 100
    • Under Stateful rule group options select 5-tuple
  • Under Add rule, select ICMP as the protocol, leave everything else at its default and click on Add rule
  • Once the rule is added, scroll down and click on Create stateful rule group
  • The icmp-alert rule group has been successfully created. You can optionally create a tag by clicking on Edit next to Rule group tags
Step 2: Create domain filter rule group:

You will now create a rule to filter/allow specific domains:

  • Go to VPC > Amazon Network Firewall > Network Firewall rule groups and click on Create Network Firewall rule group
  • Under Rule group type:
    • Select Stateful rule group
    • Specify Name
    • Set Capacity to 100
    • Under Stateful rule group options select Domain list
  • Under Domain list:
    • Add .amazon.com
    • Under Protocols, select both HTTP and HTTPS
    • Under Action select Allow
  • Click on Create stateful rule group

At this point you should have two rules created:
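The two console steps above map onto the Network Firewall CreateRuleGroup API. As an added example (not part of the workshop), the script below builds both rule group definitions as API payloads and can optionally submit them through boto3's `network-firewall` client (`create_rule_group`). Assumptions: the ICMP 5-tuple rule's action is ALERT (inferred from the name icmp-alert; the page only says "leave everything else at default"), the domain group is named `domain-allow` (the page does not name it), and the console's HTTP/HTTPS choice corresponds to the `HTTP_HOST` and `TLS_SNI` target types. The `to_suricata` helper renders the 5-tuple rule in the Suricata-compatible form Network Firewall uses, which is handy when reviewing what a rule group actually matches.

```python
"""Build the activity's two Network Firewall rule groups as CreateRuleGroup payloads.

Added example, not the workshop's own code. Runs offline; pass a boto3
network-firewall client to create_all() to actually create the groups.
"""
import json

RULE_GROUP_CAPACITY = 100  # matches the "Set Capacity to 100" step


def icmp_alert_rule_group(sid: int = 1) -> dict:
    """Stateful 5-tuple rule: alert on ICMP from any source to any destination."""
    return {
        "RulesSource": {
            "StatefulRules": [
                {
                    "Action": "ALERT",  # assumption: inferred from the group name icmp-alert
                    "Header": {
                        "Protocol": "ICMP",
                        "Source": "ANY",
                        "SourcePort": "ANY",
                        "Direction": "FORWARD",  # console default direction
                        "Destination": "ANY",
                        "DestinationPort": "ANY",
                    },
                    # every stateful rule needs a unique sid option
                    "RuleOptions": [{"Keyword": "sid", "Settings": [str(sid)]}],
                }
            ]
        }
    }


def domain_allow_rule_group(domains) -> dict:
    """Domain list rule group allowing the given domains over HTTP and HTTPS."""
    return {
        "RulesSource": {
            "RulesSourceList": {
                "Targets": list(domains),  # ".amazon.com" matches the domain and its subdomains
                "TargetTypes": ["HTTP_HOST", "TLS_SNI"],  # HTTP and HTTPS in the console
                "GeneratedRulesType": "ALLOWLIST",  # "Action: Allow" in the console
            }
        }
    }


def to_suricata(rule: dict) -> str:
    """Render one 5-tuple StatefulRule as the Suricata rule Network Firewall generates."""
    h = rule["Header"]
    arrow = "->" if h["Direction"] == "FORWARD" else "<>"
    opts = "".join(f"{o['Keyword']}:{','.join(o['Settings'])};" for o in rule["RuleOptions"])
    return (
        f"{rule['Action'].lower()} {h['Protocol'].lower()} {h['Source'].lower()} "
        f"{h['SourcePort'].lower()} {arrow} {h['Destination'].lower()} "
        f"{h['DestinationPort'].lower()} ({opts})"
    )


def create_rule_group_request(name: str, rule_group: dict) -> dict:
    """Keyword arguments for NetworkFirewall.Client.create_rule_group."""
    return {
        "RuleGroupName": name,
        "Type": "STATEFUL",
        "Capacity": RULE_GROUP_CAPACITY,
        "RuleGroup": rule_group,
    }


def create_all(client=None) -> list:
    """Return both requests; if a boto3 client is given, submit them and return the responses."""
    requests = [
        create_rule_group_request("icmp-alert", icmp_alert_rule_group()),
        # "domain-allow" is an assumed name; the workshop does not name this group
        create_rule_group_request("domain-allow", domain_allow_rule_group([".amazon.com"])),
    ]
    if client is not None:
        return [client.create_rule_group(**req) for req in requests]
    return requests


if __name__ == "__main__":
    for req in create_all():
        print(json.dumps(req, indent=2))
    print(to_suricata(icmp_alert_rule_group()["RulesSource"]["StatefulRules"][0]))
```

Run it with no arguments to print the two payloads, or `python3 script.py` after `client = boto3.client("network-firewall")` and `create_all(client)` to create them. Note that an ALLOWLIST domain group generates rules that allow the listed domains and deny every other HTTP host or TLS SNI that the firewall inspects, so once it is attached to a policy, any traffic to unlisted domains over those protocols is dropped.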