Using AWS Firewall with AWS NLB

0

Hi All,

I have a requirement to protect resources behind an internet-exposed NLB [EIP attached] using AWS Firewall. My NLB is in a public subnet, and the instances are in a private subnet, attached to the NLB using a target group.

I need to allow traffic coming from specific third-party public IPs to my backend instances behind the NLB [which is public]. In this scenario, my firewall subnet first filters incoming traffic, then forwards it to my NLB, and the NLB distributes the load between the EC2 instances that are part of my target group.

My query is: will my approach work as I described above? I have yet to touch the console to implement this. Any references would be helpful.

Thanks in advance, SVen

5 answers
0
Accepted answer

Yes, this should work; see the blog below. You can use IGW ingress routing to insert AWS Network Firewall between the IGW and the NLB.

https://aws.amazon.com/blogs/networking-and-content-delivery/design-your-firewall-deployment-for-internet-ingress-traffic-flows/

AWS
Expert
Answered 8 months ago
0

Seems the approach is to make sure to consider the following steps. Virtual Private Cloud (VPC) set up with the necessary public and private subnets. Go to the AWS Firewall Manager console and create a new firewall. Define your firewall rules to allow traffic only from specific third-party public IPs. Configure the rule group associated with your firewall to allow traffic to your NLB's IP.

Links for further help:
https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html

Waseem
Answered 8 months ago
  • Thank you, this article really helped me a lot.

0

Thank you, let me try this on the console tomorrow; I will come back if I face any issues. Then I need to automate this. Have a great weekend.

SVen
Answered 8 months ago
0

Thanks for your suggestions.

This approach really worked, except for one issue we are struggling to resolve. We placed an FTP solution [a Linux VM in a private subnet, protected by an NLB in a public subnet attached to an EIP, with incoming traffic protected using AWS FW, so that business partners can connect from the internet].

Here the issue is: secure FTP worked on port 22, but we need to access the FTP service on port 21 as well. Port 21 on this Linux VM accepts the connection and the connection succeeds, but we are not able to retrieve the directories. There are two target groups created, one listening on 22 and another listening on 21; both ports are on the same single Linux VM. It operates successfully on 22, but 21 is still failing.

Any pointers to resolve this would be of great help.

Thanks, SVen

SVen
Answered 8 months ago
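As an added example that is not code from the thread or from AWS, here is how the accepted answer's design (IGW ingress routing into AWS Network Firewall in front of the NLB, passing only specific partner source IPs) can be written in Terraform, covering both the port 22 and port 21 listeners from the FTP follow-up. The VPC, IGW and firewall endpoint IDs are placeholders, the NLB subnet and partner CIDRs are constructed sample values, and the policy assumes strict-order evaluation with a default drop so that anything not explicitly passed is blocked.

```hcl
# Added example, not code from the thread; placeholder IDs and constructed sample CIDRs.
variable "vpc_id"               { default = "vpc-PLACEHOLDER" }
variable "igw_id"               { default = "igw-PLACEHOLDER" }
variable "firewall_endpoint_id" { default = "vpce-PLACEHOLDER" } # firewall endpoint in the firewall subnet
variable "nlb_subnet_cidr"      { default = "10.0.1.0/24" }      # public subnet holding the NLB
variable "partner_cidrs"        { default = ["203.0.113.10/32", "198.51.100.0/24"] }
# Stateful rule group: pass only partner sources to the NLB subnet on 22 and 21 (strict order).
resource "aws_networkfirewall_rule_group" "partner_allow" {
  capacity = 100
  name     = "partner-allow"
  type     = "STATEFUL"
  rule_group {
    rules_source {
      # Control channels only. Passive-mode FTP also opens a data connection on a server-side
      # port range (general FTP behaviour, not from the thread) that needs its own pass rule.
      rules_string = <<-EOT
        pass tcp [${join(",", var.partner_cidrs)}] any -> ${var.nlb_subnet_cidr} 22 (flow:to_server; sid:1; rev:1;)
        pass tcp [${join(",", var.partner_cidrs)}] any -> ${var.nlb_subnet_cidr} 21 (flow:to_server; sid:2; rev:1;)
      EOT
    }
    stateful_rule_options { rule_order = "STRICT_ORDER" }
  }
}
# Policy: all traffic goes to the stateful engine; flows not explicitly passed are dropped.
resource "aws_networkfirewall_firewall_policy" "ingress" {
  name = "ingress-allowlist"
  firewall_policy {
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:forward_to_sfe"]
    stateful_engine_options { rule_order = "STRICT_ORDER" }
    stateful_default_actions = ["aws:drop_strict"]
    stateful_rule_group_reference {
      priority     = 1
      resource_arn = aws_networkfirewall_rule_group.partner_allow.arn
    }
  }
}
# IGW ingress routing: internet traffic for the NLB subnet is routed to the firewall endpoint.
resource "aws_route_table" "igw_ingress" {
  vpc_id = var.vpc_id
  route {
    cidr_block      = var.nlb_subnet_cidr
    vpc_endpoint_id = var.firewall_endpoint_id
  }
}
resource "aws_route_table_association" "igw_edge" {
  gateway_id     = var.igw_id
  route_table_id = aws_route_table.igw_ingress.id
}
```

The NLB subnet's own route table still needs its default route pointed at the same firewall endpoint so return traffic is inspected symmetrically, as the linked blog describes.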
