Launch a NetFoundry gateway in AWS Cloud

Introduction

This install guide will walk you through the steps required to launch a NetFoundry gateway instance in your AWS VPC using CloudFormation.

Caveats

  1. We highly recommend deploying gateways on a private subnet within your VPC, with a VPC NAT Gateway for outbound access to the Internet. If you install your gateway in a public subnet, you must take appropriate measures to protect it from all unauthorized access.

  2. We provide a CloudFormation template to automate a gateway deployment for you. It does not launch the VPC NAT Gateway or any other component in your VPC other than the NetFoundry Gateway endpoint. 

Before you begin

Before you can use the NetFoundry CloudFormation template, you must first accept the software terms in the AWS Marketplace:

  1. Visit the NetFoundry Cloud Gateway on the AWS Marketplace
  2. Click on the "Manual Launch" tab
  3. Click on "Accept Software Terms"

The software terms need to be accepted only one time per AWS account, after which you may launch as many gateways as you want.

Launching a gateway instance

Installing a NetFoundry gateway into your AWS VPC is straightforward. NetFoundry includes a CloudFormation template to launch a new gateway instance with only a few steps:

  1. Create a gateway in the NetFoundry console
  2. Launch a NetFoundry gateway instance inside of your AWS VPC
  3. Confirm the gateway registers with your NetFoundry network from the console

Step 1: Create an AWS gateway in the NetFoundry Console

  1. Sign in to your NetFoundry organization.
  2. Navigate to the Gateways page, and create a new AWS Cloud gateway. Give it a name and location, then click the Create button.
  3. On the confirmation screen, click the "LAUNCH GATEWAY USING CLOUD FORMATION" button to launch the CloudFormation script in your AWS console. You will be prompted to sign in to your account on the AWS console if you are not already signed in.

Step 2: Launch a NetFoundry gateway instance inside of your AWS VPC

From the AWS Console, CloudFormation will prompt you for the following information:

NetFoundry Parameters

  1. Registration Key: This field is populated automatically when launching from the NetFoundry console. If you are launching the CloudFormation script manually, you will need to enter a registration key.

AWS Parameters

  1. Stack Name: Enter a name for the Stack being launched
  2. VPC: Choose the VPC in which the gateway and its security group (allowing SSH access) will be created
  3. Key Name: Your SSH key pair to associate with instances
  4. Instance Type: Choose the desired EC2 instance type and size of the gateway instance
  5. Subnet: Choose the VPC subnet in which to place the gateway. If launching in a public subnet (pointing to an Internet Gateway), the subnet must have auto-assign public IP enabled. See this AWS user guide for more information.
  6. SSH Location: The IP address range that can be used to SSH to the EC2 instances. A security group will be created and applied to the instance. 

Step 3: Confirm the gateway registers with your NetFoundry Network from the console

It may take up to 5 minutes to register and come online. Once the gateway instance has started up, switch back to the NetFoundry Console and locate the gateway endpoint.

Confirm that the status indicator is green, which means that it has successfully registered and is online. If the status indicator remains grey, then the gateway has failed to register. If it is red, the gateway has registered, but is offline.

Troubleshooting Registration

Where to find registration logs for the AWS Cloud gateway

If a gateway fails to register with the NetFoundry console, the system log may provide a clue as to the issue. To view the system log of an instance from the EC2 Dashboard, click on the instance row, and select Instance Settings → Get System Log from the Actions menu.
 

A system log dialog will appear on screen. Scroll to the bottom and locate the output from the cloud-init process.
 
 

Recommended next steps

1. Update the YUM package management system

> sudo yum clean metadata && sudo yum update

2. Ensure you change the password for the "nfadmin" user account, per your company guidelines.

> sudo passwd nfadmin

Should you require RADIUS, please contact NetFoundry.

 
