Configuring Ingress Routing

This section describes the necessary steps to configure ingress routing.

Step 1: Create a Target Group

Log into the AWS Management Console.
Navigate to Services > EC2 > Load Balancing > Target Groups > Create target group.
Enter these details for the target group:
1. Target Group Name: guo-internal-80 and guo-internal-22
2. Target type: Instance
3. Protocol: TCP
4. Port: 80 and 22
5. VPC: <Where test server resides>
Click Create.
Register targets to the internal target group.
1. Below Create target group, in the Name column, select the target group > click Targets > Edit.
2. Select <Test Server> > Add to registered > Save.
3. For each Target group, repeat steps "a" and "b".

Navigate to Services > EC2 > Load Balancing > Load Balancer > Create Load Balancer > Create (Network Load Balancer).
Enter the required details:
- Name: Enter a name
- Scheme: Internal
- Listeners: Ports 80 and 22
- VPC: Where the server resides
- AZ: Select each Availability Zone

Go to Configure Security Settings > Configure Routing and enter the necessary details.
Enter the required details:
- Target Group: Existing
- Name: guo-internal-22
- Next: Register Targets > Review > Create.
- Listeners: Edit the listener to match the associated port(s)

To configure the AWS External Load Balancer, do these steps:

Log into the AWS Management Console
Navigate to Services > EC2 > Load Balancing > Target Groups > Create target group.
Create the target groups
1. Enter the necessary details:
  - Target Group Name: example-external-5080 and guo-internal-5022
  - Target type: Instance
  - Port: 5080 and 5022
  - VPC: <Where firewall resides>
2. Click Create.
3. Repeat steps 2 and 3 for each target group.
4. Add firewalls to both external target groups.
Create an External Load Balancer.
1. Navigate to Services > EC2 > Load Balancing > Load Balancer > Create Load Balancer > Create (Network Load Balancer).
2. Enter the necessary details:
  - Name:
  - Scheme: internet-facing
  - Listeners: 80 and 22
  - VPC: Where server resides>
  - AZ: Select each AZ
Configure the Security Settings:
1. Go to Configure Security Settings > Configure Routing, enter the necessary details:
  - Target Group: Existing
  - Name: example-external-5022
2. Click Next > Register Target > Review.
3. Click Create.
Edit Listeners to match the associated port.
1. Below Listeners, select Add listener.
2. Select the checkboxes for TCP : 22 and TCP : 80.

To allow ingress traffic, do these steps:

Log into SmartConsole.
Create a Dynamic object:
1. Go to Object > New > More > Network Object > Dynamic Objects > Dynamic Objects.
2. In the Name field, give the object this name: LocalGatewayInternal
3. Repeat steps "a" and "b" for the second Dynamic object.
Create a dummy host object:
1. Go to Object > New > Host.
2. Enter the necessary details:
  - Name: DummyHost
  - IP: 169.254.1.1
Create a dummy object group
1. Go to Objects > New > Network Group.
2. In the Name field, enter DummyGroup.
3. Add the DummyHost to this DummyGroup.

Create two Logical Servers.

In the Name field, enter the DNS name provided by the AWS Internal Load Balancer.

Example:

fw01 = internal-InternalELB-1087819072.us-east-1.elb.amazonaws.com_1)

fw02 = internal-InternalELB-1087819072.us-east-1.elb.amazonaws.com_2

In the IPv4 Address field, enter the external IP address associated with the gateway instance.
For Server's type, select Other. Note - Select Other even if you work with HTTP.
Select the checkbox Persistent server mode and keep the default option Persistency by service.
Below Balance Method, select Domain.
Repeat steps "a" through "f" for each gateway. Remember, put "_<Number>" at the end of the Logical server name, as in this example:

Create an Access Rule:
Create a NAT rule:
Push the policy.
Verify the connection
1. Copy the DNS name of the External Load Balancer.
2. Open a browser and paste the External Load Balancer's DNS name.
3. Verify the log entry.