I set a goal for my security team this year - Simplify, and then add lightness - just like Colin Chapman said.  With this in mind, we are changing our firewall at the office, as we now run almost all our services in AWS.  Would someone here have a sample or template for a firewall configuration specification that I could use as a starting point please?

Worldwide Strategy & Portfolio, Cross Industry (Supply Chain, ESG, Engineering, Customer Experience, Intelligence Automation, ERP) in Manufacturing, 4 years ago

Hi! Without too much information, I would advise reviewing the AWS Security best practices https://docs.aws.amazon.com/vpc/latest/userguide/security.html and applying the principles based on the company’s needs. One recommendation for replacement or SaaS, FortiGate has a great service and value currently.

Director in Manufacturing, 4 years ago

This is out of my wheelhouse by a decade or more. However, in my experience you can get a very good starting point from the hardware vendor. We were using Cisco a lot and I always started with their examples as a starting point and turned it from there to open or close off more services.

CIO in Healthcare and Biotech, 4 years ago

The answer, as usual, is: it depends. If you have a site-to-site VPN to their AWS environment, Amazon provides very clear templates for a variety of firewall platforms. If you are using Direct Connect, then it's just a matter of setting up the right routes. I think much more detail is needed before a question like this can be answered. Hope this helps.

Director of IT in Software, 4 years ago

You can try the following links for the template.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html

https://asecure.cloud/a/NetworkFirewall/
