Deploying NSv from AWS GovCloud Console

To deploy NSv from the console, follow these steps

1. Log in to the AWS GovCloud console https://console.amazonaws-us-gov.com.

2. On the Console Home page, navigate to All Services and select EC2

3. Configure a VPC.

The virtual machine can be deployed on a new or existing VPC. To create a VPC refer to https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html.

4. Follow these steps to launch the SonicWall NSv:

   1. From the EC2 Dashboard, select Launch Instance.

      

   2. In the Name and Tags field, enter a name for the instance.

   3. Click the Application and OS Images (Amazon Machine Image) section, and search for the SonicWall NSv.

   4. On the Choose an Amazon Machine Image (AMI) page, click Select next to the SonicWallNSv (Firewall/Security/VPM/Router) - BYOL.

   5. Click the Instance Type section, and select an instance type corresponding to the SonicWallNSv model you require. For guidance, refer to Product Matrix and Requirements and Supported NSv Series Models on AWS.

   6. Click the Key Pair (login) section to assign a key pair for the instance.

      

      1. Select an existing key pair from the drop-down.

         Or

         Proceed without a key pair from the drop-down

         Or

         Click Create new key pair and follow the below steps.

         • Enter the Key pair name.
         • Select the key pair type and the private key file format.
         • Click Create key pair.

      2. After you create a new key pair, store the private key file in a secure and accessible location before continuing.

   7. Click Network settings section and select Edit.

   8. From the VPC drop-down menu, select a VPC to deploy the virtual machine.

      

   9. From the Subnet drop-down menu, select the subnet that will serve as the public or WAN interface (X1) for the virtual machine.

   10. Select the Firewall (security groups).

       • To select existing security groups, choose Select existing security group
       • To create a new security groups, choose Create Security Group

   11. The following steps to be followed for creating a new security group:

       1. Create the Security Group Rules and ensure to select the following rules:

          1. Allow SSH traffic from anywhere.

          2. Allow HTTPS traffic from the internet.

          3. Allow HTTP traffic from the internet.

       2. Enter the Security group name and the Description.

       3. Enter the Security Group Rules.

          1. Security group rule 1 (by default)

             • Type - ssh
             • Protocol - TCP
             • Port range - 22

          2. Security group rule 2 (by default)

             • Type - HTTPS
             • Protocol - TCP
             • Port range - 443

          3. Security group rule 3

             For security group rule 3 by default Type (HTTP), Protocol (TCP), and Port range (40) to be changed.

             Change the default values as follows:

             • Type - Custom TCP
             • Protocol - TCP
             • Port range - 8443

   12. Click the Configure storage section, configure the disk size and your desired Root volume.

       

   13. Click Advanced Details > User Data and fill the form user data with YAML input.

       If the YAML input is invalid, the deployment leads to inconsistent state.

   14. In the Summary section, review the instance details and then click Launch instance.

       The Select an existing key pair or create a key pair dialog box displays.

       

   15. Select the required option and click Launch instance.

   Deployment takes between 5 to 8 minutes. You can monitor the progress from the EC2 Dashboard.

5. To disable source/destination checking:

   1. Navigate to Instances page and select the instance.

      The instance details are displayed below.

   2. In the instance details sections, navigate to Networking > Network interfaces.

      

   3. Select the interface ID to navigate to the network interfaces page.

   4. On the network interface page, select Actions > Change source/dest. check.

      The Change source/destination check dialog box displays.

   5. Clear the Enable checkbox, and click Save.

6. To assign an Elastic IP:

   1. On the EC2 Dashboard, in the left navigation menu, select Elastic IPs.

      Ensure that an Elastic IP address is already allocated. If no Elastic IP address is allocated, select the Elastic IP and click Allocate Elastic IP address > keep the default settings, and select Allocate.

   2. On the Elastic IP address page, select the free Elastic IP and click Actions > Associate Elastic IP address.

      

   3. In the Associate Elastic IP address dialog box, enter the following information.

      • Resource type: Select the Instance or Network interface

      • Insatnce/Network interface: Select the target instance or ENI

      • Private IP address: Select the appropriate private IP (if multiple are available)

   4. Click Associate.

7. Connect to the virtual machine web management interface:

   1. Now that you have associated an Elastic IP to the SonicWallNSv instance, you are able to connect to the web management interface by entering the IP address into your browser.

   2. Enter the username: admin, and the password, which is the AWS instance ID of the newly created SonicWallNSv instance such as i-02axxxxxxxxxxxxxx given by your SonicWall representative.

After installing and configuring the network settings for your NSv Series virtual machine, you can log in to SonicOS management and register it in your MySonicWall account. See Registering the NSv Virtual Machine as BYOL.