Customize AWS ACLs Inbound/Outbound Rules for Datacenter Extension Gateway

Introduction

This document lists the minimum Network ACL requirements for the Datacenter Extension (DCX) Gateway. Customizing the rules narrows the scope of the AWS ACL inbound and outbound rules and helps you meet your organization's security requirements.

Network ACL Requirements for Datacenter Extension Gateway

Inbound:

Rule #   Type              Protocol   Port Range   Source                                   Allow / Deny
100      ALL Traffic       ALL        ALL          [Your DCX VPC CIDR]                      ALLOW
110      Custom TCP Rule   TCP (6)    1024-65535   0.0.0.0/0                                ALLOW
115      HTTPS (443)       TCP (6)    443          [Your on-prem public IP used by CloudN]  ALLOW
120      SSH (22)          TCP (6)    22           [Your on-prem public IP used by CloudN]  ALLOW
125      Custom UDP Rule   UDP (17)   500          [Your on-prem public IP used by CloudN]  ALLOW
130      Custom UDP Rule   UDP (17)   4500         [Your on-prem public IP used by CloudN]  ALLOW
135      Custom UDP Rule   UDP (17)   1024-65535   0.0.0.0/0                                ALLOW
*        ALL Traffic       ALL        ALL          0.0.0.0/0                                DENY

Outbound:

Rule #   Type              Protocol   Port Range   Destination                              Allow / Deny
100      ALL Traffic       ALL        ALL          [Your DCX VPC CIDR]                      ALLOW
110      Custom TCP Rule   TCP (6)    1024-65535   [Your on-prem public IP used by CloudN]  ALLOW
115      HTTPS (443)       TCP (6)    443          0.0.0.0/0                                ALLOW
120      DNS (UDP) (53)    UDP (17)   53           [Your DNS server IP, e.g. 8.8.8.8/32]    ALLOW
125      ALL UDP           UDP (17)   ALL          [Your on-prem public IP used by CloudN]  ALLOW
*        ALL Traffic       ALL        ALL          0.0.0.0/0                                DENY