How to set up WAF on UTM on AWS?

Have a UTM 9.X running on AWS sitting in front of a VPC. I need to direct HTTP/HTTPS traffic bound for a certain URL through the UTM to an internal ELB inside the VPC, which would then balance/direct the traffic to the web application running on 2 EC2 instances (each in a different availability zone).

 

What I'm reading is that I should have first in line a Public ELB (Application ELB)... Do I then make the target/target group an IP address that is bound to the external interface of the UTM?

 

So should the Public ELB be the "Virtual webserver"? Then should the real webserver be the "internal ELB"? Are firewall rules needed? Anything else?

 

I have created a CNAME that points to the Public ELB.  Any help would be greatly appreciated.



  • This is obviously an old thread, but just for clarity, unless you're using our HA or Autoscaling solutions, you don't have to use a public ELB.  There are some circumstances where you may elect to use a public ELB anyways, but likely you'll want to simply point the CNAME to the UTM's elastic IP.  

    The real webserver would be pointed to the internal ELB, yes.  Create a DNS host object on the UTM with the internal ELB's DNS endpoint and configure the real webserver to use it.  No additional firewall rules are required.  Access to the site is administered through the webserver protection settings.

    Tim
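
A DNS check for the layout described in the reply above, as an added example that is not part of the original thread or Sophos tooling: it confirms the public site name lands only on the UTM's elastic IP and that the internal ELB endpoint resolves only inside the VPC. The function names, the `vpc_cidr` parameter and all sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket


def resolve(hostname):
    """Live lookup: the sorted set of addresses a hostname resolves to."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_waf_path(site_ips, utm_elastic_ip, elb_ips, vpc_cidr):
    """Return findings; an empty list means DNS matches the intended layout."""
    findings = []
    utm = ipaddress.ip_address(utm_elastic_ip)
    vpc = ipaddress.ip_network(vpc_cidr)

    # The public name must land on the UTM and nowhere else, otherwise some
    # clients reach the application without passing the WAF.
    if not site_ips:
        findings.append("site name does not resolve")
    for ip in map(ipaddress.ip_address, site_ips):
        if ip != utm:
            findings.append(f"site resolves to {ip}, not the UTM at {utm}")

    # The real webserver (the ELB endpoint behind the UTM's DNS host object)
    # must resolve only to addresses inside the VPC.
    if not elb_ips:
        findings.append("ELB endpoint does not resolve")
    for ip in map(ipaddress.ip_address, elb_ips):
        if ip not in vpc:
            findings.append(f"ELB address {ip} is outside {vpc}")
    return findings


if __name__ == "__main__":
    # Constructed sample values (documentation and RFC 1918 ranges).
    # For a live check, pass resolve(<site name>) and resolve(<ELB endpoint>).
    good = check_waf_path(["203.0.113.10"], "203.0.113.10",
                          ["10.0.1.25", "10.0.2.25"], "10.0.0.0/16")
    bad = check_waf_path(["203.0.113.10", "198.51.100.7"], "203.0.113.10",
                         ["10.0.1.25", "198.51.100.7"], "10.0.0.0/16")
    print("good layout:", good or "no findings")
    for finding in bad:
        print("finding:", finding)
```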
