-poster-00001.jpg)
Follow these steps to install an enforza firewall instance in AWS using userdata and the AWS Console
Create a new AWS EC2 instance (select an Ubuntu or Debian image)
Scroll down and input the following into the User data input box
#!/bin/bash
curl -s -L https://efz.io/install | bash
If you want to log on to your linux server via SSH, select an existing SSH key pair or create a new one.
The new EC2 linux server will now be built. You can see the progress and details by clicking the link (i-xxxxxxx)
The "Instance State" is now running and your linux server has been built.
In the background, the enforza agent is being installed and provisioned automatically.
As this server is acting as a firewall router, we need to disable the source/destination check.
Click on Actions > Change source/dest. check
Uncheck the Enable tickbox
As you are provisioning a firewall, we need to allow all traffic on the network interface and let the enforza agent deal with the traffic filtering. Look at the page from Step 5, scroll down, and click on the security group.
Note: it is highly recommended that you do not allow all traffic on an interface that is not a security appliance!
Change the security group to type: All traffic, Source: Custom - 0.0.0.0/0 then Save rules
After a couple of minutes, go back to the Instances view, click the checkbox next to your newly provisioned firewall. Then Actions > Monitoring and troubleshooting > Get system log
This is the system log of your newly provisioned firewall.
In here we can see the enforza claim key - you need this to be able to claim your device from the enforza portal.
The key is next to "efzClaimKey0" - select and copy this to clipboard.
Success!!
You have provisioned a firewall in AWS with the enforza agent installed.
Simply go to the enforza management portal, claim your device, and push some policies.
Click here for the Quickstart Guide for the next steps.