- Link to the sample PBMM config file
- Link to the lightweight sample PBMM config file _Recommended for most new AWS customers_
- The full PBMM configuration file was based on feedback from customers moving into AWS at scale and at a rapid pace. These customers have indicated that they do not want to have to upsize their perimeter firewalls or add Interface Endpoints as their developers start to use new AWS services. Because these are the two most expensive components of the solution, the full configuration does not fit all customers' needs, so we created a lightweight version of the configuration file that does not sacrifice functionality, but could limit performance. This config file:
- only deploys the 6 required centralized Interface Endpoints (removes 56)
- all services remain accessible using the AWS public endpoints, but require traversing the perimeter firewalls
- removes the perimeter VPC Interface Endpoints
- removes the Fortigate Manager appliance deployment
- reduces the Fortigate instance sizes from c5n.2xl to c5n.xl (VM08 to VM04)
- removes the Unclass OU and VPC
- The Accelerator allows customers to easily add this functionality in the future, as and when required, without any impact
- Sample firewall config file
- Firewall configuration customizations