SonicOS 7 System
IAM Group and User
IAM Identities, including Users and Groups, can be created and managed from the IAM page in the AWS Management Console.
This procedure assumes that the AWS Account is already created and that an Administrator with either Root access or widespread privileges is logged into that account. If one does not already exist, create an IAM User for the firewall to use when it accesses the AWS APIs of the services it supports.
You need certain permissions to access the different services. These permissions can either be granted directly to the user or included in a security access policy assigned to an IAM Group, with the user then added to that group.
The security policy used, either for a group to which the user belongs or attached to the user directly, must include the following permissions:
| Permission | Purpose |
| --- | --- |
| AmazonEC2FullAccess | For AWS Objects and AWS VPN |
| CloudWatchLogsFullAccess | For AWS Logs |
Creating a group is described in the IAM Documentation. It is not strictly necessary to create a group, because the permissions can be assigned directly to a user. However, it is common practice to define such a group so that it can be used for multiple users.
A user must be created. That user can be created specifically for use by the firewall alone. However, if the same user is going to access the AWS Management Console, the relevant checkbox must be ticked. In either case, the user must have "programmatic access".
The second step of the Add User wizard determines which permissions the user will have assigned, either through adding the user to a group or attaching the permission policies directly.
After reviewing the details of the user to be created and pressing the Create User button, there is a final and critical stage.
DO NOT LEAVE THE ADD USER WIZARD
You must retrieve the Secret Access Key that has been created for the user. The Secret Access Key together with the Access Key is used in the configuration of the firewall. It will be needed for all API access to AWS. You should either copy it to a safe location or download the CSV file and keep that in a safe, secure location.
Finally, the newly created user with their required permissions can be seen in the IAM Users section of the AWS Console.
If you miss getting the Secret Access Key, it is possible to create another Access Key from the User section of the IAM Console. Indeed, it is considered good practice to rotate Access Keys.
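The same steps can be carried out with the AWS CLI instead of the console. This is an added example, not part of the SonicWall documentation. The group name, user name and key file path are hypothetical, and the CLI is assumed to be already configured with administrator credentials.

```bash
#!/bin/sh
# Added example: AWS CLI equivalent of the console steps described above.
# GROUP, USER_NAME and KEY_FILE are hypothetical values chosen for illustration.
GROUP="${GROUP:-sonicwall-firewall-api}"
USER_NAME="${USER_NAME:-sonicwall-firewall}"
KEY_FILE="${KEY_FILE:-./sonicwall-firewall-key.json}"

provision_firewall_iam_user() {
    # Group that carries the two managed policies listed on this page.
    aws iam create-group --group-name "$GROUP" || return 1
    for policy in AmazonEC2FullAccess CloudWatchLogsFullAccess; do
        aws iam attach-group-policy --group-name "$GROUP" \
            --policy-arn "arn:aws:iam::aws:policy/$policy" || return 1
    done

    # User for the firewall alone: no login profile is created, so the user
    # has programmatic access but no console password.
    aws iam create-user --user-name "$USER_NAME" || return 1
    aws iam add-user-to-group --group-name "$GROUP" \
        --user-name "$USER_NAME" || return 1

    # The Secret Access Key is returned only by this call. Write it directly
    # to a file readable by the current account only (umask 077 -> mode 0600)
    # rather than printing it to the terminal.
    ( umask 077
      aws iam create-access-key --user-name "$USER_NAME" \
          --query AccessKey --output json > "$KEY_FILE" ) || return 1
}

# Rotation: after a replacement key has been created and entered on the
# firewall, mark the old key Inactive. $1 is the old AccessKeyId.
deactivate_access_key() {
    aws iam update-access-key --user-name "$USER_NAME" \
        --access-key-id "$1" --status Inactive
}
```

Source the file and call `provision_firewall_iam_user`; the Access Key and Secret Access Key to enter on the firewall are then in `$KEY_FILE`.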