Planning Your Stateful Firewall

You have a group of virtual machine (EC2/GCE) instances or a group of AWS Workspace instances. You would like to set up policies to allow them to access a database which itself consists of a group of nodes.

You can create a tag, name it my-app, and configure the list of IP addresses associated with each instance with a name. You can then create a second tag, name it my-database, and configure the list of IP addresses associated with each instance with a name.

You then can simply apply one policy at the gateway that says my-app to my-database is allowed. The Controller will automatically push the policies to the gateway.