AWS Console Deployment (EC2)

Follow these easy steps to install an enforza Gateway instance in AWS using the AWS Console.

Note: This tutorial assumes that you:

  • have your VPC, subnets and route-tables in place
  • want to deploy an enforza Gateway in your public subnet
  • are comfortable with configuring your route-tables in order to forward traffic to the enforza gateway
  • know what you are doing

Step 1: Create a New EC2 Instance

  1. Open your AWS Console and navigate to EC2.

  2. Click Launch Instance and select an Ubuntu or Debian image for your new instance.

Step 2: Add the enforza Installation Script

  1. Scroll down to the User data section.

  2. Paste the following script into the User data input box:

    #!/bin/bash
    curl -s -L https://efz.io/install | bash

Step 3: Set Up SSH Access (Optional)

  1. If you want to log into your server via SSH, either select an existing SSH key pair or create a new one.

  2. Keep this key safe—you’ll need it for SSH access.

Step 4: Watch the Server Build

  1. Once you launch the instance, AWS will start provisioning your new Linux server.

  2. You can track the progress by clicking on the Instance ID (something like i-xxxxxxx).

Step 5: Wait for the Server to be Ready

  1. After a few minutes, the Instance State will show as running. Your Linux server is now up and running.

  2. In the background, the enforza agent is being installed and automatically provisioned.

Step 6: Disable Source/Destination Check

  1. Since this server will act as a firewall router, we need to disable the source/destination check.

  2. Click Actions > Change source/dest. check from the instance menu.

Step 7: Uncheck the Source/Destination Box

  1. Uncheck the box labeled Enable for source/destination check.

  2. Click Save to disable the check.

Step 8: Configure the Security Group

  1. Scroll down on the instance details page and click on the Security Group.

  2. Since this server is a firewall, you need to allow all traffic on the network interface, and the enforza agent will handle the traffic filtering.

    Important: Do not allow all traffic on any instance that is not a security appliance!

Step 9: Set the Security Group Rules

  1. In the Security Group, change the inbound rule to:

    • Type: All Traffic
    • Source: Custom, 0.0.0.0/0

  2. Click Save rules.

Step 10: Check the System Log

  1. After a few minutes, go back to the Instances view.

  2. Select your newly provisioned firewall, then click Actions > Monitoring and troubleshooting > Get system log.

Step 11: Find the enforza Claim Key

  1. In the system log, you’ll find the enforza claim key. Look for the line next to efzClaimKey0.

  2. Select and copy the claim key to your clipboard.

🎉 Success!

You’ve successfully provisioned a firewall in AWS with the enforza agent installed! 🚀

Next steps:

  • Head over to the enforza management portal.
  • Claim your device using the claim key you copied.
  • Push some firewall policies to start protecting your network.
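
Steps 6 to 9 open a security group to all traffic, which the Important note restricts to security appliances. The following audit check is an added example, not part of the original tutorial or enforza's own tooling: it flags instances attached to an all-traffic-from-anywhere group that still have the source/destination check enabled. It assumes that an enabled check means the instance is not a forwarding gateway, it also covers the IPv6 range ::/0, and the sample data is constructed in the shape of `aws ec2 describe-security-groups` and `aws ec2 describe-instances` output.

```python
import json

# Constructed sample data, shaped like the output of
# `aws ec2 describe-security-groups` and `aws ec2 describe-instances`.
SECURITY_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-0bbb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}
]}
""")
INSTANCES = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-gateway", "SourceDestCheck": false,
   "SecurityGroups": [{"GroupId": "sg-0aaa"}]},
  {"InstanceId": "i-webapp", "SourceDestCheck": true,
   "SecurityGroups": [{"GroupId": "sg-0aaa"}]},
  {"InstanceId": "i-bastion", "SourceDestCheck": true,
   "SecurityGroups": [{"GroupId": "sg-0bbb"}]}
]}]}
""")

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def open_to_world(group):
    """True if any inbound rule allows all protocols from anywhere."""
    for perm in group.get("IpPermissions", []):
        if perm.get("IpProtocol") != "-1":
            continue
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        if OPEN_CIDRS.intersection(cidrs):
            return True
    return False

def audit(groups_doc, instances_doc):
    """Return (instance_id, group_id) pairs for non-appliance instances on an open group."""
    open_ids = {g["GroupId"] for g in groups_doc["SecurityGroups"] if open_to_world(g)}
    findings = []
    for res in instances_doc["Reservations"]:
        for inst in res["Instances"]:
            # Assumption: check still enabled means this is not a forwarding gateway.
            if inst.get("SourceDestCheck", True):
                for sg in inst.get("SecurityGroups", []):
                    if sg["GroupId"] in open_ids:
                        findings.append((inst["InstanceId"], sg["GroupId"]))
    return findings
```

Calling `audit(SECURITY_GROUPS, INSTANCES)` on the sample data reports only the constructed `i-webapp` instance; to run it against a real account, pass in the parsed JSON from the two CLI commands instead.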