Adding FireNet to an AWS Transit Gateway

Ensure you have completed any prerequisites before beginning.

See Minimum Gateway Instance Sizes for FireNet deployment for information on the interfaces/NICs created when you add FireNet to a Transit Gateway.

  1. On the Security > FireNet > FireNet Gateways tab, click +Add FireNet.

  2. In the Add FireNet to Transit Gateway dialog, select whether to add FireNet functionality to an existing Transit gateway or to a new Transit gateway.

    If you are adding FireNet to an existing Transit gateway that has the BGP over LAN slider On, that Transit gateway must also have DNAT/SNAT configured.

    Only Transit gateways that have the Transit Egress Capability toggle enabled (selected when you create a Transit gateway from Cloud Fabric > Gateways > Transit Gateways) are displayed in the Existing Transit Gateway List.

  3. If creating a new Transit gateway, enter a name in the Name field.

  4. Configure the Transit FireNet using the information in the table below.

    | Parameter | Description |
    | --- | --- |
    | Name | A name for the Transit FireNet |
    | Cloud (pre-populated if creating on an existing Transit gateway) | Select Cloud type: Standard, GovCloud, China |
    | Account (pre-populated if creating on an existing Transit gateway) | The cloud access account for creating the Transit FireNet Gateway. |
    | Region (pre-populated if creating on an existing Transit gateway) | The cloud region in which to create the Transit FireNet Gateway. |
    | VPC/VNet | The VPC or VNet in the selected region in which to create the Spoke Gateway. |
    | Instance Size | Minimum size: c5.xlarge. The minimum size may vary if HPE is enabled. |
    | High Performance Encryption (HPE) | Turn On HPE for the FireNet deployment, for higher throughputs. |
    | Attach to Subnet | FireNet is launched in this public subnet. |
    | Public IP | Allocate a new, static public IP address to the new Transit gateway. |
    | Primary FireNet | Select if you want this FireNet to be the Primary FireNet where firewalls are attached. |
    | Secondary FireNet | Select if you want this to be a Secondary FireNet that will send traffic to the Primary FireNet to be inspected. Egress and traffic inspection are disabled when Secondary FireNet is selected. |
    | Attach Secondary FireNets | Select the Secondary FireNets to attach to this Primary FireNet. |
    | Attach to Primary FireNet | Select the Primary FireNet to which to attach this Secondary FireNet. |
    | Gateway Load Balancer | Slide On to enable the AWS Gateway Load Balancer (differs from the Native AWS Load Balancer, which is part of the AWS TGW FireNet workflow). If the Gateway Load Balancer option was turned On as part of the Transit Gateway creation workflow (for AWS), it will be On and disabled in the Transit FireNet creation workflow. If the Gateway Load Balancer option was left Off as part of the Transit Gateway creation workflow (for AWS), it will be Off and disabled in the Transit FireNet creation workflow. |
    | Traffic Inspection | If turned Off, the FireNet gateway loops back all packets. If creating an AWS Transit Gateway with Secondary FireNet selected, Traffic Inspection is Off by default, and hidden. |
    | Egress | Enable Egress (Internet-bound) traffic inspection. |

  5. Click Add.

    If you are attaching Secondary FireNets to Primary (AWS only), the Attach Secondary FireNet to Primary FireNet dialog displays.

    You can check the FireNet creation progress on the Monitor > Notifications > Tasks tab.