Validating the rule group configuration

There are multiple logging destinations available for AWS network firewalls. This example uses CloudWatch to store and display logs. For details, see AWS Network Firewall Logging Destinations.

To validate the rule group configuration:
  1. Create a log group:
    a. Go to CloudWatch > Logs > Log Groups.
    b. Click Create log group.
    c. Under Tags, in the Key field, enter AWSNetworkFirewallManaged.
    d. Click Create.
  2. Configure logging for the firewall:
    a. Go to VPC > Network Firewalls > Firewalls.
    b. Select the firewall that contains the Fortinet rule groups.
    c. On the Firewall Details tab, under Logging, click Edit.
    d. Under Log type, select Alert and Flow.
    e. Under Log destination for alerts, select CloudWatch log group.
    f. In the CloudWatch log group field, select the desired group.
    g. Repeat steps e-f in Log destination for flows.
  3. Create an instance in the protected region behind the AWS network firewall.
  4. Remotely access the instance via SSH.
  5. Attempt to download malware. The following shows desired output when using an intrusion prevention system rule group. The file is blocked and cannot be downloaded.

  6. On the AWS management console, go to CloudWatch > Logs > Log Groups.
  7. Select the log group that you selected in step 2f.
  8. Open the generated log stream to confirm that the attempted malware download was logged.
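As an added example (not part of this Fortinet documentation), the check in step 8 can also be scripted once the log events are exported from CloudWatch. The script below runs offline against constructed sample records shaped like the alert and flow events AWS Network Firewall writes to a CloudWatch log group; the field names reflect the firewall's JSON log format as assumed here, and the addresses, firewall name and signature are constructed values.

```python
import json

# Constructed sample log events shaped like AWS Network Firewall alert and
# flow records delivered to CloudWatch (field names assumed, not from the page).
SAMPLE_EVENTS = [
    '{"firewall_name":"fw-example","availability_zone":"us-east-1a","event_timestamp":"1700000000",'
    '"event":{"timestamp":"2023-11-14T22:13:20.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.1.25","src_port":49152,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP",'
    '"alert":{"action":"blocked","signature_id":1000001,"signature":"EXAMPLE malware download",'
    '"category":"Malware","severity":1},"http":{"hostname":"files.example.test","url":"/sample.bin"}}}',
    '{"firewall_name":"fw-example","availability_zone":"us-east-1a","event_timestamp":"1700000001",'
    '"event":{"timestamp":"2023-11-14T22:13:21.000000+0000","event_type":"netflow",'
    '"src_ip":"10.0.1.25","src_port":49152,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP",'
    '"netflow":{"pkts":6,"bytes":720}}}',
    '{"firewall_name":"fw-example","availability_zone":"us-east-1a","event_timestamp":"1700000002",'
    '"event":{"timestamp":"2023-11-14T22:13:22.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.1.25","src_port":49153,"dest_ip":"198.51.100.7","dest_port":443,"proto":"TCP",'
    '"alert":{"action":"allowed","signature_id":1000002,"signature":"EXAMPLE TLS policy",'
    '"category":"Policy","severity":3}}}',
    'not json at all',  # malformed line, must be skipped rather than crash the check
]

def parse_alert(line):
    """Flatten one alert record; return None for flow records and malformed lines."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    ev = rec.get("event", {})
    if ev.get("event_type") != "alert":  # flow logs use event_type "netflow"
        return None
    alert, http = ev.get("alert", {}), ev.get("http", {})
    return {
        "timestamp": ev.get("timestamp"),
        "src": f'{ev.get("src_ip")}:{ev.get("src_port")}',
        "dst": f'{ev.get("dest_ip")}:{ev.get("dest_port")}',
        "action": alert.get("action"),
        "signature": alert.get("signature"),
        "url": (http.get("hostname", "") + http.get("url", "")) or None,
    }

def blocked_from(lines, instance_ip):
    """Alerts with action 'blocked' whose source is the test instance (the step 8 check)."""
    hits = []
    for line in lines:
        a = parse_alert(line)
        if a and a["action"] == "blocked" and a["src"].startswith(instance_ip + ":"):
            hits.append(a)
    return hits

if __name__ == "__main__":
    for a in blocked_from(SAMPLE_EVENTS, "10.0.1.25"):
        print(f'{a["timestamp"]} {a["src"]} -> {a["dst"]} blocked: {a["signature"]} ({a["url"]})')
```

An empty result for the instance's private IP means the download was not blocked by an alert rule or the firewall is not logging to the selected group; re-check steps 2d-2g before reviewing the rule group itself.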
