AWS - public IPv4 CIDR block


Evening folks,

We're looking to set up a "traditional" firewall on AWS using a 3rd-party AMI. As we will need to port forward a particular port for different domains, I am wondering how we can architect this, as AWS only allows a single elastic IP per ENI. Is this just not possible when using 3rd-party firewalls on AWS?

So for example:

domain01.com -> port 5553
domain02.com -> port 5553
domain03.com -> port 5553

2 Answers

You can attach multiple ENIs to EC2, but does this mean that the number of ENIs is too small?
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html

Also, I believe that using a CNAME record or similar would allow access to multiple domains, but can't this setting be addressed as well?

EXPERT
answered 2 years ago
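Added example, not from the thread and not an AWS sample: a Terraform sketch of the multiple-private-IP-per-ENI approach described in the MultipleIP page linked above, giving each of the three domains its own Elastic IP on a single firewall ENI. The subnet, security group, instance and hosted-zone IDs are placeholders, and the appliance's own port-forwarding rules are assumed to be configured separately.

```hcl
# Added example, not from the thread: one "outside" ENI on a third-party
# firewall instance carrying one private IPv4 address per domain, each bound
# to its own Elastic IP, so domain01/02/03 resolve to distinct public
# addresses on the same appliance. IDs marked PLACEHOLDER are assumptions.

variable "domains" {
  type    = list(string)
  default = ["domain01.com", "domain02.com", "domain03.com"]
}

resource "aws_network_interface" "fw_outside" {
  subnet_id         = "subnet-PLACEHOLDER"     # public subnet
  private_ips_count = length(var.domains) - 1  # secondaries; primary is implicit
  source_dest_check = false                    # required for a forwarding appliance
  security_groups   = ["sg-PLACEHOLDER"]       # ingress limited to tcp/5553
  attachment {
    instance     = "i-PLACEHOLDER"  # instance launched from the firewall AMI
    device_index = 1
  }
}

# One EIP per domain, each associated with a specific private IP on the ENI.
# The per-ENI address limit depends on the instance type (see the MultipleIP
# page linked above); the firewall OS must also configure the secondary IPs.
resource "aws_eip" "fw" {
  count  = length(var.domains)
  domain = "vpc"
}

resource "aws_eip_association" "fw" {
  count                = length(var.domains)
  allocation_id        = aws_eip.fw[count.index].id
  network_interface_id = aws_network_interface.fw_outside.id
  private_ip_address   = tolist(aws_network_interface.fw_outside.private_ips)[count.index]
}

# Each domain gets its own public address; the appliance then forwards
# port 5553 on each address to the matching internal host.
resource "aws_route53_record" "fw" {
  count   = length(var.domains)
  zone_id = "Z-PLACEHOLDER"
  name    = var.domains[count.index]
  type    = "A"
  ttl     = 300
  records = [aws_eip.fw[count.index].public_ip]
}
```

Because all three public addresses terminate on one ENI, the security group on that interface is the single choke point for inbound exposure and should admit only the forwarded port.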

I would be looking at building an inspection VPC using gateway load balancers to route internet traffic to your inspection firewalls and then on to your applications, if using a "traditional" firewall such as Check Point.

Something along these lines: https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-inspection-third-party.html

Or

https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/inspecting-inbound-traffic-fa.html

EXPERT
answered 2 years ago
