Editing a Transit FireNet
You can edit certain properties of a Transit FireNet after it is created.
- On the Security > FireNet > FireNet Gateways tab, click the pencil icon next to the Transit FireNet you want to edit.
- In the Edit FireNet dialog, configure the following:
Field | Description
Instance Size (regardless of type of FireNet)
Minimum sizes:
- AWS: c5.xlarge
- Azure: Standard_B2ms
- GCP: n1-standard_1
- OCI: VM.Standard2.4
The minimum size may vary if HPE is enabled.
Instances
- Availability Domain (OCI only): Select the OCI domain within the region (selected above).
- Attach to Subnet: FireNet is launched in this public subnet.
- Add a second Instance row for the High Availability (HA) instance.
- Zone (GCP only): Zone in which to create the gateway.
- Fault Domain (OCI only): OCI failover mechanism.
- Public IP: Allocate a new, static public IP address to the new Transit gateway.
Primary FireNet (AWS only)
Select if you want this FireNet to be the Primary FireNet where firewalls are attached.
Not applicable for Egress FireNet.
Secondary FireNet (AWS only)
Select if you want this to be a Secondary FireNet that will send traffic to the Primary FireNet to be inspected.
Egress and traffic inspection are disabled when Secondary FireNet is selected.
Not applicable for Egress FireNet.
Attach Secondary FireNets (AWS/Primary FireNet only)
Select the Secondary FireNets to attach to this Primary FireNet.
Not applicable for Egress FireNet.
Attach to Primary FireNet (AWS/Secondary FireNet only)
Select the Primary FireNet to which to attach this Secondary FireNet.
Not applicable for Egress FireNet.
Gateway Load Balancer (GWLB)
Slide On to enable the AWS Gateway Load Balancer (differs from the Native AWS Load Balancer, which is part of the AWS TGW FireNet workflow).
If the Gateway Load Balancer option was turned On as part of the Transit Gateway creation workflow (for AWS), it will be On and disabled in the Transit FireNet creation workflow. If the Gateway Load Balancer option was left Off as part of the Transit Gateway creation workflow (for AWS), it will be Off and disabled in the Transit FireNet creation workflow.
This toggle is On and disabled by default for Azure and GCP. In Azure and GCP, load balancers are created automatically after FireNet is added to the Transit gateway.
In OCI this toggle is Off and disabled by default.
Traffic Inspection
If turned Off, the FireNet gateway loops back all packets.
Off by default if adding an Egress Transit FireNet. This means that only egress traffic will be inspected/routed to a firewall.
If creating an AWS Transit Gateway with Secondary FireNet selected, Traffic Inspection is Off by default, and hidden.
Egress
Enable Egress (Internet-bound) traffic inspection.
On by default if adding an Egress Transit FireNet.
If creating an AWS Transit Gateway with Secondary Transit selected, Egress is Off by default, and hidden.
Resource Tags (AWS and Azure only)
If you tagged your cloud resources, the resource tags display here after the Transit gateway is created. A resource tag is a key-value pair. You can also add custom tags after the gateway is created.
- Click Save.