• SonicOS NSv 7
• Introducing the NSv Series
  • Feature Support Information
  • Product Matrix and Requirements
  • Backup and Recovery Information
  • Exporting and Importing Firewall Configurations
  • Github Repository
  • Upgrading from SonicOS 6.5
  • Upgrading to a Higher Capacity NSv Model
  • Creating a MySonicWall Account
• Installing SonicOS on the NSv Series
  • Supported NSv Models
  • Resizing NSv Virtual Machine
  • Task List for NSv Instance Setup
  • Deploying AWS from Console
  • Deploying AWS from Cloud Template
  • Accessing the SonicWall NSv Web Interface
  • Forwarding Traffic to your NSv
  • Configuring Internet/Public Access Through the NSv
  • SonicWall Nsv Firewall on AWS GovCloud
    • Deploying AWS Government Cloud from Console
    • Configuring Security Profile
    • Applying Security Services on Policies in NSv for Outbound Traffic
    • Deploying Windows 10 from Console
    • Creating a Security Policy and NAT Policy for Inbound RDP to the VM
  • Troubleshooting Installation Configuration
    • Insufficient Memory Assignment
    • PAYG Installation Errors
• Licensing and Registering Your NSv
  • Registering the NSv Virtual Machine as BYOL from SonicOS
  • Registering the NSv Virtual Machine as PAYG
• SonicOS Management
  • Managing SonicOS on the NSv Series
  • Using System Diagnostics
• Using the Virtual Console and SafeMode
  • Connecting to the Management Console with SSH
  • Navigating the NSv Management Console
    • System Info
    • Management Network or Network Interfaces
    • Test Management Network
    • Diagnostics
    • NTP Server
    • Lockdown Mode
      • Temporary Lockdown Mode
    • System Update
    • Reboot | Shutdown
    • About
    • Logs
  • Using SafeMode on the NSv
    • Enabling SafeMode
    • Disabling SafeMode
    • Configuring the Management Network in SafeMode
      • Configuring Interface Settings
      • Disabling an Interface
  • Using the SafeMode Web Interface
    • Accessing the SafeMode Web Interface
    • Entering/Exiting SafeMode
    • Locking and Unlocking the Management Console
    • Downloading the SafeMode Logs
    • Uploading a New Image in SafeMode
• SonicWall Support
  • About This Document

Deploying AWS from Cloud Template

This section describes how to deploy NSv to an existing VPC using AWS Cloud Formation Templates. This is referred to as a Launch Stack deployment.

Prerequisites include:

• AMI ID of NSv

• A key pair

• A VPC with:

  1. Two subnets:

     • WAN subnet.

     • LAN subnet.

  2. Two routing tables (in addition to main routing table - main routing table is automatically created when you created your VPC):

     • WAN routing table (with WAN subnet associated with it).

     • LAN routing table (with LAN subnet associated with it).

  3. An Internet Gateway attached to the VPC.

Populate the routing tables after the stack has been deployed successfully.

Steps

1. Go to: https://github.com/sonicwall/sonicwall-nsv-aws-cf-templates

2. Click Launch Stack following the Deploy SonicWall NSv to an existing VPC.

   

3. To select a Region, identify the region into which you wish to deploy NSv.

   You must copy the AMI to the chosen region and have its ID ready.

4. Click Launch Stack under Deploy NSv in existing VPC.

   

5. Click Next.

   

6. Specify Stack Name: Name for your stack. The name helps you find a particular stack from a list of stacks.

7. Set the following parameters:

   • Project Name: A name that is added to the resources tag.

   • Location

   Availability Zone: Select the Availability Zone into which NSv is launched.

   • Instance

     AMI: AMI ID of SonicWall NSv.

     Instance Name: A descriptive name for the NSv instance.

     Instance Type: Select the type of the instance from the drop-down menu.

     Key Pair: Select the key pair. This is the key pair available in AWS that can be used to SSH to the SonicWall NSv management console. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html.

     Allow management (ssh/http/https) from this CIDR: Specify the IP address from which management access is allowed on the WAN interface. Must be in IPv4 CIDR notation x.x.x.x/x. Open HTTP, HTTPS, and SSH ports for this address in the Ingress Security Group.

     WAN Interface Subnet ID: Select the subnet id for your WAN interface.

     LAN Interface Subnet ID: Select the subnet id for your LAN interface.

     Optional Existing Elastic IP Address (EIP): You can specify Allocation ID of an existing Elastic IP address. This EIP can connect to the WAN interface of the NSv. If this field is left blank, the system allocates a new EIP.

   • VPC

     VpcId: Select existing VPC to which to deploy NSv.

8. Click Next.

   

9. Click Next.

   

10. Review details and click Create.

    

11. Status changes to CREATE_COMPLETE.

    

12. When the stack creation is complete (Status changes to CREATE_COMPLETE). You can get the management and access details in the Outputs section.

13. Wait at EC2 Dashboard for Instance State — running, AND Status checks — 2/2 checks passed.

    

14. Change Routing Tables:

    1. Change Your LAN routing table to add a route with Destination 0.0.0.0/0 with Target to NSv's LAN Interface. This routes all your LAN traffic to the NSv X0 interface.

       

    2. Change your WAN routing table to add a route with Destination 0.0.0.0/0 with Target to your Internet Gateway (igw-xxxxx). This routes NSv WAN traffic to the Internet Gateway (IGW).

       

15. Your NSv should now be operational. Next, register your NSv as described in Licensing and Registering Your NSv. The following section details how to set up access to the NSv from the public Internet.