According to the documentation, if you don't have an ELB sandwich then there is a one to one relationship between the firewall and the back end server. I spoke to support and the answer was the fact that you can only have one ENI attached per subnet. My customer has an existing IAAS stack and wanted only 1 FW per AZ. But the proxy servers in the private subnet autoscale.
This does not appear possible. Can someone explain in more detail how this constraint works? Options would be to put an internal ELB
Solved! Go to Solution.
I see that no one answered you question and I can try to help, but it is not quite clear what are you trying to do.
I am not sure where you had that from, but taken out of context both statements are not necessary correct. You can surely protect multiple webservers with a single firewall without using load balancer. Also strictly speaking you can have more than one ENI per subnet.
We definitely need more context. You can have one ENI per subnet but in that subnet you can have multiple backend resources. So as @BatD referrenced you can secure multiple servers with a firewall. If you have multiple resources in multiple subnets and you would like to secure them via the firewall then you need to add more ENI's and configure multiple zones. the VM-Series can have up to 7 Dataplane interfaces + 1 the management interface depending on the machine type used in AWS
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!