Allow external access to AWS services
We have an in-house developed app that communicates with an AWS hosted third party service. That external service is hosted on the US-EAST-1 region of AWS. What is the best way to allow outbound access from an internal device to those external services? I do not really want to add ALL of the US-EAST-1 networks into an allow rule. Or do I?
It would be ideal if I could set up a rule that is process name based.
I have an XTM525.
What is the best way to proceed here?
0
Sign In to comment.
Comments
Hi @JoshuaThompson
Depending on the fireware version you're running, you can set up FQDN rules to allow access by FQDN.
(About Policies by Domain Name (FQDN))
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/fqdn_about_c.html
Policies by FQDN work best if the firewall is able to see the DNS requests from the client traverse the firewall so it can snoop the replies it gets (as the firewall asking itself may return a different answer.)
if you're running an older version that doesn't support FQDN, you'll need to allow via IP address.
Thank you James. We are using FQDN in the rule but the IP addresses are still being blocked. Our DNS on the firewall points to our internal DNS servers.
Hi @JoshuaThompson
I'd suggest opening a case with support -- they'll be able to take a look at your logs and look into this further with you.