SonicOS 8 NSv Getting Started Guide for AWS

Deploying Windows 10 from Console

Create a Windows 10 Virtual Machine (VM) similar to the NSv on the AWS VPC, and configure the settings to send the Windows 10 VM's outbound traffic to the NSv LAN interface, instead of using the AWS routing infrastructure.

To deploy Windows 10 from the console, follow these steps:

  1. Log in to the AWS GovCloud console at https://console.amazonaws-us-gov.com.

  2. On the Console Home page, navigate to All Services and select EC2.

  3. Configure a VPC.
  4. The virtual machine can be deployed on a new or existing VPC. To create a VPC, refer to https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html.

  5. Follow these steps to launch the SonicWall NSv:

    1. From the EC2 Dashboard, select Launch Instance.

    2. In the Name and Tags field, enter a name for the instance.

    3. Click the Application and OS Images (Amazon Machine Image) section, and search for Windows 10.

    4. On the Choose an Amazon Machine Image (AMI) page, click Select next to Windows 10 Pro.

    5. Click the Instance Type section, and select the instance type you require.

    6. Click the Key Pair (login) section to assign a key pair for the instance.

      1. Select an existing key pair from the drop-down.

        Or

        Proceed without a key pair from the drop-down.

        Or

        Click Create new key pair and follow the steps below:

        • Enter the Key pair name.
        • Select the key pair type and the private key file format.
        • Click Create key pair.
      2. After you create a new key pair, store the private key file in a secure and accessible location before continuing.

    7. Click the Network settings section and select Edit.

    8. From the VPC drop-down menu, select a VPC to deploy the virtual machine.

    9. From the Subnet drop-down menu, select the subnet that will serve as the public or WAN interface (X1) for the virtual machine.

    10. For Auto‑assign public IP, select Disable.

    11. Select the Firewall (security groups).

      • To select existing security groups, choose Select existing security group.
      • To create a new security group, choose Create Security Group.
    12. To create a new security group, follow these steps:

      1. Create the security group rules and ensure that they meet the following requirements:

        1. Allow RDP traffic only from an internal/trusted source.

        2. Do not allow any inbound traffic directly from the internet.

        3. Allow outbound traffic only toward the NSv LAN interface or subnet.

      2. Enter the Security group name and the Description.

      3. Enter the Security Group Rules.

        1. Security group rule 1 (Inbound – required)

          • Type - RDP
          • Protocol - TCP
          • Port range - 3389
          • Source – NSv LAN subnet CIDR or Bastion Host security group

        2. Security group rule 2 (Inbound – optional, internal only)

          • Type - All traffic
          • Protocol - All
          • Port range - All
          • Source - NSv LAN security group or NSv LAN subnet CIDR

        3. Security group rule 3 (Outbound – required)

          • Type - All traffic
          • Protocol - All
          • Port range - All
          • Destination - NSv LAN subnet CIDR or NSv LAN security group

    13. Click the Configure storage section, and configure the disk size and your desired root volume.

    14. Click Advanced Details > User Data and enter the user data as YAML input.

      If the YAML input is invalid, the deployment results in an inconsistent state.

    15. In the Summary section, review the instance details and then click Launch instance.

      The Select an existing key pair or create a key pair dialog box displays.

    16. Select the required option and click Launch instance.

    17. Deployment takes between 5 and 8 minutes. You can monitor the progress from the EC2 Dashboard.

  6. To configure routing:

    1. Navigate to All Services > VPC.

    2. On the VPC dashboard, select Route Tables from the left navigation pane.

    3. In the Route Tables list, identify and select the route table associated with the private subnet where the Windows 10 VM is deployed.

    4. In the lower panel, select the Routes tab.

    5. Click Edit routes.

      The Routes table switches to edit mode.

    6. Select Add route to add a new row.

    7. In the Destination field, enter 0.0.0.0/0 to route all internet‑bound traffic.

    8. In the Target field:

      • Select Network Interface.
      • From the drop‑down list, select the LAN interface (eth1 / eni‑xxxx) associated with the NSv instance.
    9. Click Save changes.
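
The security group rules and the default route configured above can be checked after deployment. The following is an added example, not SonicWall's code: it audits data in the JSON shape returned by `aws ec2 describe-security-groups` and `aws ec2 describe-route-tables`. The function names are hypothetical, and the IDs and CIDRs in the sample data are constructed placeholders.

```python
import ipaddress
def audit_security_group(sg, lan_cidr, trusted_groups=()):
    """Findings for one describe-security-groups entry, per the guide's rules."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    findings = []
    for direction, key in (("inbound", "IpPermissions"), ("outbound", "IpPermissionsEgress")):
        for perm in sg.get(key, []):
            label = f"{direction} protocol {perm['IpProtocol']}"
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if not net.subnet_of(lan):  # catches 0.0.0.0/0 and any other outside range
                    findings.append(f"{label}: {net} is outside NSv LAN {lan}")
            for rng in perm.get("Ipv6Ranges", []):  # the guide defines IPv4 rules only
                findings.append(f"{label}: unexpected IPv6 range {rng['CidrIpv6']}")
            for pair in perm.get("UserIdGroupPairs", []):  # e.g. bastion host group
                if pair["GroupId"] not in trusted_groups:
                    findings.append(f"{label}: untrusted group {pair['GroupId']}")
    return findings

def audit_default_route(route_table, nsv_lan_eni):
    """Findings when 0.0.0.0/0 does not point at the NSv LAN interface."""
    defaults = [r for r in route_table.get("Routes", [])
                if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    if not defaults:
        return ["no 0.0.0.0/0 route"]
    findings = []
    for route in defaults:
        target = (route.get("NetworkInterfaceId") or route.get("GatewayId")
                  or route.get("NatGatewayId") or "unknown target")
        if target != nsv_lan_eni:
            findings.append(f"0.0.0.0/0 targets {target}, not {nsv_lan_eni}")
        elif route.get("State") == "blackhole":  # route target is unavailable
            findings.append(f"0.0.0.0/0 via {target} is blackholed")
    return findings

# Constructed sample data; IDs and CIDRs are placeholders, not values from the guide.
NSV_LAN_CIDR, NSV_LAN_ENI = "10.0.2.0/24", "eni-EXAMPLE"
SAMPLE_SG = {
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                       "IpRanges": [{"CidrIp": "10.0.2.0/24"}]}],
    # A new security group allows all outbound traffic unless this rule is replaced.
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
SAMPLE_ROUTES = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
]}
if __name__ == "__main__":
    findings = audit_security_group(SAMPLE_SG, NSV_LAN_CIDR) + audit_default_route(SAMPLE_ROUTES, NSV_LAN_ENI)
    print(*findings, sep="\n")
```

On the sample data, the audit reports the leftover allow-all outbound rule and the default route that still targets an internet gateway rather than the NSv LAN interface.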