Is It Possible to Make an EC2 Instance Part of a VPN Protected by Global Protect


What am I running?

  • EC2 instance running Ubuntu 22.04 with a static Elastic IP address
  • The instance has only one network interface, whose details say it is an Elastic network interface. (I believed every instance has a primary network interface, but I do not see any PNI).

What I want to do?

My company has an on-prem virtual machine running MSSQL Server at 192.168.181.75:1433, but that is behind the GlobalProtect VPN from Palo Alto Networks. Even when I make a call to that database, I have to connect to GlobalProtect manually from my laptop. So my question is, is there any special step I need to take to make the EC2 instance part of the GlobalProtect network?

I talked to my company network administrator, who wants the public IP address of the EC2 instance (which I use for SSH) and the MAC address. I got the MAC address by entering

$ ip addr

in the terminal, under the ens3 interface. But can I assume these two will remain fixed across stopping and restarting the instance? Also, do the inbound/outbound rules have to be altered?

Some readings led me to believe I have to create an ENI, as the primary network interfaces do not support it. But when I checked the instance details, it seems the only interface present is an ENI.

1 Answer

Because you're already communicating with your EC2 instance: It has an ENI (which is the network interface); it has a public IP address (which you're using) so you're most of the way there.

The next part is to talk to your network administrator to find out how you configure your instance to join the VPN. You may have to install some software - or you may not (it could already be installed). But you'll definitely have to configure it with some credentials that identify you as part of the trusted VPN network.

The MAC address will remain the same across instance restarts. Make sure that your instance has been allocated an Elastic IP rather than a Public IP. Both are public IP addresses but an Elastic IP is kept the same across instance restarts; a Public IP is changed every time.

AWS EXPERT, answered a year ago
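The Elastic IP versus auto-assigned public IP distinction in the answer above can be checked from the ENI's association record before the address and MAC are handed over for allowlisting. This is an added example, not part of the original question or answer; it parses constructed JSON shaped like `aws ec2 describe-network-interfaces` output, and the function name, IDs and addresses are assumptions.

```python
import json

# Constructed samples shaped like the output of:
#   aws ec2 describe-network-interfaces \
#       --filters Name=attachment.instance-id,Values=<instance-id>
# All IDs, MACs and addresses below are made up (documentation IP ranges).
SAMPLE_ELASTIC = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaaaaaaaaaaaaaaa", "MacAddress": "0a:11:22:33:44:55",
   "Attachment": {"DeviceIndex": 0},
   "Association": {"PublicIp": "203.0.113.10", "IpOwnerId": "111122223333",
                   "AllocationId": "eipalloc-0bbbbbbbbbbbbbbbb"}},
  {"NetworkInterfaceId": "eni-0cccccccccccccccc", "MacAddress": "0a:66:77:88:99:aa",
   "Attachment": {"DeviceIndex": 1}}
]}""")
SAMPLE_AUTO = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0dddddddddddddddd", "MacAddress": "0a:bb:cc:dd:ee:ff",
   "Attachment": {"DeviceIndex": 0},
   "Association": {"PublicIp": "198.51.100.7", "IpOwnerId": "amazon"}}
]}""")


def classify_interfaces(response):
    """One record per ENI: its MAC and whether its public IP is an Elastic IP."""
    report = []
    for eni in response.get("NetworkInterfaces", []):
        assoc = eni.get("Association") or {}
        public_ip = assoc.get("PublicIp")
        if public_ip is None:
            kind = "none"            # private-only interface
        elif assoc.get("AllocationId"):
            kind = "elastic"         # backed by an Elastic IP allocation
        else:
            kind = "auto-assigned"   # released when the instance is stopped
        report.append({
            "eni": eni["NetworkInterfaceId"],
            "device_index": eni.get("Attachment", {}).get("DeviceIndex"),
            "mac": eni["MacAddress"],
            "public_ip": public_ip,
            "ip_kind": kind,
            "stable_across_stop_start": kind == "elastic",
        })
    return report


if __name__ == "__main__":
    for sample in (SAMPLE_ELASTIC, SAMPLE_AUTO):
        for row in classify_interfaces(sample):
            print(row)
```

Only a row with `ip_kind` equal to `elastic` describes an address that will still belong to the instance after a stop and start.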
