AWS VPN configuration questions for TZ 670 running 7.0.1-5119

gomer

I have reviewed the documentation regarding configuring AWS VPN on this firewall to allow multiple remote firewalls to access/be accessed by AWS resources.

The current AWS console configuration options are NOT storyboarded in the documentation, and offer many more options than is covered in the instructions.

This is what I see as options in my VPC for configuring a VPN. Each require certs,

What we need is a step-by-step walkthrough of what sort of vpn to make, where to get the certs, what authentication to use and how to set up the addressing and routing.

gomer

I created a policy group in AWS for "firewalls" and gave them the permissions described in this article.

https://www.sonicwall.com/support/knowledge-base/aws-integration-with-sonicwall-sonicos-6-5-x/181024232124532/

Then I created a user per firewall and put them in the group.

Then I created an access key for that user.

Then I put that access key and private in the configuration section of the firewall. Yes, I downloaded the csv and copy/pasta'd the key pair directly in to the boxes. They are correct. But they fail, and aws shows them as never being invoked.

gomer

pro tip:

When using NSM, the test will "run" prior to deploying the config and fail.

If you DEPLOY the config, then test, it works.