Now it’s time to deploy a WatchGuard FW cloud EC2 instance in the transit VPC. This is possible from the EC2 dashboard:<\/p>\n\n\n\n
- After logging on the AWS Console<\/a><\/strong> with my personal AWS account, I have selected\u00a0Services > EC2<\/a><\/strong>.<\/li>
- In the EC2 Dashboard<\/strong>, I can easily launch a new instance by Clicking on Launch instance<\/strong> (easy :=)),<\/li><\/ul>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/image-13.png\")
<\/figure><\/div>\n\n\n\n- I have selected\u00a0AWS Marketplace <\/strong>and type \u2018firebox\u2019 <\/strong>in the search window<\/strong> and have decided to pick the\u00a0Watchguard <\/a>Firebox<\/a> Cloud<\/a> (Hourly)<\/strong>\u00a0AMI.<\/li><\/ul>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/Screenshot-2020-12-23-at-16.14.10-1-1024x756.png\")
<\/figure><\/div>\n\n\n\n- You will get the pricing details and Click Continue<\/strong><\/li><\/ul>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/image-15.png\")
<\/figure><\/div>\n\n\n\n- Select the smallest available instance with free tier t2.micro<\/strong> instance type and click Next: Configure Instance details<\/strong><\/li><\/ul>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/image-16.png\")
<\/figure><\/div>\n\n\n\n- The configure Instance Details step opens.<\/li>
- From the Network<\/strong> drop-down list, select your transit VPC :<\/li><\/ul>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/image-17.png\")
<\/figure><\/div>\n\n\n\n- From the Subnet<\/strong> drop-down list, select the public subnet to use for eth0.
The subnet you select appears in the Network Interfaces section for eth0<\/em>.<\/em><\/li>- To add a second interface, in the Network interfaces<\/strong> section, click Add Device<\/strong>.
Eth1 is added to the list of network interfaces<\/em>.<\/li><\/ul>\n\n\n\n![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/image-18.png\")
<\/figure><\/div>\n\n\n\n- Click Next: Add Storage<\/strong><\/li><\/ul>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/image-19.png\")
<\/figure><\/div>\n\n\n\n- Use the default storage size (5 GB). <\/li>
- Click Next: Add <\/strong>Tags<\/strong><\/li><\/ul>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/image-20.png\")
<\/figure><\/div>\n\n\n\n- Click Next: Configure Security Group<\/strong>. By default, the instance uses a security group that functions as a basic firewall. This security group restricts following ports: HTTPS (TCP 8080), SSH, TCP 4118 (WatchGuard Firewalls may allow remote management using WSM (WatchGuard System Manager) over ports 4117, 4118 TCP).<\/li><\/ol>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/security-group-1024x262.jpg\")
<\/figure><\/div>\n\n\n\n- Click Review and Launch<\/strong>.
The configured information for your instance appears.<\/em><\/li>- Click Launch<\/strong>.
The key pair settings dialog box opens.<\/em><\/li><\/ol>\n\n\n\nPhase 3 \u2013 Finish configuring the instance of the Firebox<\/h2>\n\n\n\n
In this phase we will finish configuring the EC2 instance of our Firebox.<\/p>\n\n\n\n
Once the firewall is deployed, from the EC2<\/strong> Dashboard<\/strong>, Click on the instance option, the new instance should appear as here:<\/p>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/Screenshot-2021-01-21-at-15.24.08-1024x23.jpg\")
<\/figure><\/div>\n\n\n\nDisable Source\/Destination Checks<\/strong><\/h3>\n\n\n\n
By default, each EC2 instance completes source\/destination<\/em> checks. For the networks on your VPC to successfully use your instance of Firebox Cloud for NAT<\/strong>, you must disable<\/strong> the source\/destination<\/em> check for the network interfaces<\/strong> assigned to the Firebox Cloud instance.<\/p>\n\n\n\n
Disabling source\/destination check<\/strong>s for the public interface is quite simple:<\/p>\n\n\n\n
- From the EC2 Management Console, select Instances > Instances<\/strong>.<\/li>
- Select the instance of Firebox Cloud.<\/li>
- Select Actions > Networking > Change Source\/Dest. Check<\/strong>. The confirmation message includes the public interface for this instance.<\/em><\/li><\/ul>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/firebox-instance-2-1024x171.jpg\")
<\/figure><\/div>\n\n\n\n- Click Yes, Disable<\/strong>.
The source and destination checks are disabled for the public & private interface.<\/em><\/li><\/ul>\n\n\n\nAssign<\/strong> an Elastic IP Address to the External Interface<\/strong><\/h3>\n\n\n\n
You must assign an Elastic IP<\/a> (EIP) address to the eth0<\/em><\/strong> interface for the instance of Firebox Cloud. You can use any available EIP address. To make sure you assign it to the correct interface, find and copy the eth0<\/strong><\/em> interface ID <\/strong>of your instance of Firebox Cloud.<\/p>\n\n\n\n
To find the eth0<\/em> interface ID for your instance of Firebox Cloud:<\/p>\n\n\n\n
- From the EC2 Management Console, select Instances<\/strong>.<\/li>
- Select the instance<\/strong> of Firebox Cloud.
The instance details appear.<\/em><\/li>- Click the eth0 <\/em>network interface<\/strong>.
More information about the network interface appears.<\/em><\/li>- Copy the Interface ID<\/strong> value.<\/li><\/ol>\n\n\n\n
To associate the Elastic IP address with the eth0<\/em> interface:<\/p>\n\n\n\n
- From the EC2 Management Console, select Network & Security > Elastic IPs<\/strong>.<\/li>
- Select an available Elastic IP address.<\/li><\/ol>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/Picture-1-1024x115.png\")
<\/figure>\n\n\n\n- Select Actions > Associate Elastic IP Address<\/strong>.
The Associate Elastic IP Address page opens.<\/em><\/li><\/ol>\n\n\n\n![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/Picture-1.jpg\")
<\/figure><\/div>\n\n\n\nIf you have created 2 sub-interfaces,<\/strong> You can associate two different publics IPs to the interface:<\/p>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/Mange-IP-Address.jpg\")
<\/figure><\/div>\n\n\n\nRun the Firebox Cloud Setup Wizard<\/strong><\/h3>\n\n\n\n
After you deploy the Firebox Cloud instance, you can connect to Fireware <\/strong>Web UI through the public IP<\/strong> address to run the Firebox Cloud Setup Wizard<\/strong>. You use the wizard to set the administrative passphrase<\/em>s for Firebox Cloud.<\/p>\n\n\n\n
- Connect to Fireware Web UI for your Firebox Cloud with the public IP address:
https:\/\/<eth0_public_IP>:8080<\/em><\/strong><\/li>- Log in with the default Administrator<\/strong> account user name and passphrase<\/strong>:
- User name \u2014 admin<\/strong><\/li>
- Passphrase \u2014 The Firebox Cloud Instance ID<\/li><\/ul><\/li><\/ol>\n\n\n\n
The Firebox Cloud Setup Wizard welcome page opens.<\/em><\/p>\n\n\n\n
- Click Next<\/strong>.
The setup wizard starts.<\/em><\/li>- Review and accept the End-User License Agreement. Click Next<\/strong>.<\/li><\/ul>\n\n\n\n
![\"\"](\"http:\/\/vminded.com\/wp-content\/uploads\/2021\/01\/fireware-Web-UI-1.jpg\")
<\/figure><\/div>\n\n\n\n- Specify new passphrases for the built-in status<\/strong> and admin<\/strong> user accounts.<\/li>
- Click Next<\/strong>.
The configuration is saved to Firebox Cloud and the wizard is complete.<\/em><\/li><\/ol>\n\n\n\nThis is the end of Part 2<\/a>, in Part 3<\/a> we are going to configure the IPSEC route based VPN between the Firebox instance and both a native VPC<\/strong> and a VMC on AWS<\/strong> SDDC<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"
- Click Next<\/strong>.
- Review and accept the End-User License Agreement. Click Next<\/strong>.<\/li><\/ul>\n\n\n\n
- Passphrase \u2014 The Firebox Cloud Instance ID<\/li><\/ul><\/li><\/ol>\n\n\n\n
- Log in with the default Administrator<\/strong> account user name and passphrase<\/strong>:
- Connect to Fireware Web UI for your Firebox Cloud with the public IP address:
- Select an available Elastic IP address.<\/li><\/ol>\n\n\n\n
- Select the instance<\/strong> of Firebox Cloud.
- From the EC2 Management Console, select Instances<\/strong>.<\/li>
- Click Launch<\/strong>.
- Click Review and Launch<\/strong>.
- Click Next: Configure Security Group<\/strong>. By default, the instance uses a security group that functions as a basic firewall. This security group restricts following ports: HTTPS (TCP 8080), SSH, TCP 4118 (WatchGuard Firewalls may allow remote management using WSM (WatchGuard System Manager) over ports 4117, 4118 TCP).<\/li><\/ol>\n\n\n\n
- To add a second interface, in the Network interfaces<\/strong> section, click Add Device<\/strong>.
- From the Subnet<\/strong> drop-down list, select the public subnet to use for eth0.
- Select the smallest available instance with free tier t2.micro<\/strong> instance type and click Next: Configure Instance details<\/strong><\/li><\/ul>\n\n\n\n
- You will get the pricing details and Click Continue<\/strong><\/li><\/ul>\n\n\n\n
- In the EC2 Dashboard<\/strong>, I can easily launch a new instance by Clicking on Launch instance<\/strong> (easy :=)),<\/li><\/ul>\n\n\n\n