How to add a Firewall for ALB which is connected to Global accelerator in AWS

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to add a Firewall for ALB which is connected to Global accelerator in AWS

L1 Bithead

 

I have implemented a security service VPC using VM series and Gateway Load balancer. in the case where traffic is coming thru the IGW, I am able to route incoming traffic from IGW to security VPC for inspection and then back the application ALB. 

However, I am not sure how to do this if my ALB is connected to a Global Accelerator (when traffic does not pass thru IGW). where and how could I insert the GWLB endpoint ?

The diagram to illustrate the connectivity

KimSiah_1-1686721882301.png

 

 

Please enlighten. Thanks.

 

KS

2 REPLIES 2

Hi @KimSiah ,

I don't have experience with Global Accelerator, but when reading AWS docs it is basically an Anycast public address. Which if I could just simplify - traffic to the Global Accelerator IP will be "forwarded" to the ALB, but again over the Internet Gateway.

I am assuming the anycast IP will use ALB public IP and for that will also need IGW to be deployed, which means same GWLBendpoint should be sufficient.

 

I am curious if have tested it and what is the result.

 

 

 

 

 

 

GA does not send traffic via IGW, GA traffic is not even controlled by the VPC NACL. I have removed the GA, instead, I used a NLB in front of the ALB and made IGW send traffic for the NLB to the GWLB endpoint 

  • 1435 Views
  • 2 replies
  • 0 Likes
  • 85 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!