SonicOS 7 NSv Getting Started Guide for AWS
- SonicOS NSv 7
- Introducing the NSv Series
- Installing SonicOS on the NSv Series
- Supported NSv Models
- Resizing NSv Virtual Machine
- Task List for NSv Instance Setup
- Deploying AWS from Console
- Deploying AWS from Cloud Template
- Accessing the SonicWall NSv Web Interface
- Forwarding Traffic to your NSv
- Configuring Internet/Public Access Through the NSv
- SonicWall Nsv Firewall on AWS GovCloud
- Troubleshooting Installation Configuration
- Licensing and Registering Your NSv
- SonicOS Management
- Using the Virtual Console and SafeMode
- SonicWall Support
Deploying AWS from Cloud Template
This section describes how to deploy NSv to an existing VPC using AWS Cloud Formation Templates. This is referred to as a Launch Stack deployment.
Prerequisites include:
-
AMI ID of NSv
-
A key pair
-
A VPC with:
-
Two subnets:
-
WAN subnet.
-
LAN subnet.
-
-
Two routing tables (in addition to main routing table - main routing table is automatically created when you created your VPC):
-
WAN routing table (with WAN subnet associated with it).
-
LAN routing table (with LAN subnet associated with it).
-
-
An Internet Gateway attached to the VPC.
-
Populate the routing tables after the stack has been deployed successfully.
Steps
-
Go to: https://github.com/sonicwall/sonicwall-nsv-aws-cf-templates
-
Click Launch Stack following the Deploy SonicWall NSv to an existing VPC.
-
To select a Region, identify the region into which you wish to deploy NSv.
You must copy the AMI to the chosen region and have its ID ready.
-
Click Launch Stack under Deploy NSv in existing VPC.
-
Click Next.
-
Specify Stack Name: Name for your stack. The name helps you find a particular stack from a list of stacks.
-
Set the following parameters:
-
Project Name: A name that is added to the resources tag.
-
Location
Availability Zone: Select the Availability Zone into which NSv is launched.
-
Instance
AMI: AMI ID of SonicWall NSv.
Instance Name: A descriptive name for the NSv instance.
Instance Type: Select the type of the instance from the drop-down menu.
Key Pair: Select the key pair. This is the key pair available in AWS that can be used to SSH to the SonicWall NSv management console. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html.
Allow management (ssh/http/https) from this CIDR: Specify the IP address from which management access is allowed on the WAN interface. Must be in IPv4 CIDR notation
x.x.x.x/x
. Open HTTP, HTTPS, and SSH ports for this address in the Ingress Security Group.WAN Interface Subnet ID: Select the subnet id for your WAN interface.
LAN Interface Subnet ID: Select the subnet id for your LAN interface.
Optional Existing Elastic IP Address (EIP): You can specify Allocation ID of an existing Elastic IP address. This EIP can connect to the WAN interface of the NSv. If this field is left blank, the system allocates a new EIP.
-
VPC
VpcId: Select existing VPC to which to deploy NSv.
-
-
Click Next.
-
Click Next.
-
Review details and click Create.
-
Status changes to CREATE_COMPLETE.
-
When the stack creation is complete (Status changes to CREATE_COMPLETE). You can get the management and access details in the Outputs section.
-
Wait at EC2 Dashboard for Instance State — running, AND Status checks — 2/2 checks passed.
-
Change Routing Tables:
-
Change Your LAN routing table to add a route with Destination
0.0.0.0/0
with Target to NSv's LAN Interface. This routes all your LAN traffic to the NSv X0 interface. -
Change your WAN routing table to add a route with Destination
0.0.0.0/0
with Target to your Internet Gateway (igw-xxxxx
). This routes NSv WAN traffic to the Internet Gateway (IGW).
-
-
Your NSv should now be operational. Next, register your NSv as described in Licensing and Registering Your NSv. The following section details how to set up access to the NSv from the public Internet.
Was This Article Helpful?
Help us to improve our support portal