Add cloud accounts and appliances
Before you can deploy protection on the Network Security management interface, first add a cloud account to allow Network Security to gain access to your cloud account information.
The Get Started wizard walks you through adding a cloud account, deploying protection, and any next steps you should take to protect your network environment. Navigate to Home → Get Started to launch the wizard.
If you have already completed the Get Started wizard, you can also navigate to Network → Accounts and click Add Account to add more cloud accounts.
When you add your cloud account in the Get Started wizard, you can view the security posture page to see how the public assets in your environment are currently protected. To evaluate your security posture, Network Security looks at the VPCs across all of your AWS regions to determine which VPCs have public assets that need protection.
Public assets in this context only include EC2 instances with public IP addresses. Network Security does not protect public assets that are created in the inspection subnet or the management subnet. Public assets that require protection should be created in a protected public subnet.
Use this assessment to determine where to deploy Network Security for the assets in your environment that need protection.
Posture assessment is only supported by Network Security AWS deployments that are available from the Network Security management interface. Currently, this only includes the automated AWS Edge protection deployment.
You can still use manual Network Security deployment options to protect your environment, but these changes are not reflected in the posture assessment chart.
After you exit the Get Started wizard, you cannot return to the posture assessment page. However, you can view the same information on the assets page (Network → Assets). If you have added more than one cloud account, the assets page displays the data from across all cloud accounts.
The following table describes each of the categories on the posture assessment chart.
||Unprotected public assets||These public assets do not currently have Network Security protection. NOTE: All of the public assets that are not protected by the automated Edge protection deployment (including those protected by manual deployment options) are currently shown as "unprotected" in the posture assessment chart.|
||Protected public assets||These public assets are currently protected by Network Security Edge protection deployment.|
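To cross-check the posture assessment against your own inventory, the following added example (not part of the product or its documentation) applies the public-asset definition above to data shaped like the EC2 DescribeInstances response. The sample data, the `EXCLUDED_SUBNETS` set of inspection and management subnet IDs, and the choice to count a public address on any attached network interface are assumptions.

```python
from collections import defaultdict

# Constructed sample, shaped like EC2 DescribeInstances responses keyed by region.
# All IDs are made up; addresses come from the 203.0.113.0/24 documentation range.
SAMPLE = {
    "us-east-1": {"Reservations": [{"Instances": [
        {"InstanceId": "i-0aaa", "VpcId": "vpc-1", "SubnetId": "subnet-pub",
         "PublicIpAddress": "203.0.113.10"},
        {"InstanceId": "i-0bbb", "VpcId": "vpc-1", "SubnetId": "subnet-priv"},
        {"InstanceId": "i-0ccc", "VpcId": "vpc-1", "SubnetId": "subnet-insp",
         "PublicIpAddress": "203.0.113.11"},
    ]}]},
    "eu-west-1": {"Reservations": [{"Instances": [
        {"InstanceId": "i-0ddd", "VpcId": "vpc-2", "SubnetId": "subnet-mgmt",
         "PublicIpAddress": "203.0.113.12"},
        # Public address only on an attached network interface (Elastic IP).
        {"InstanceId": "i-0eee", "VpcId": "vpc-3", "SubnetId": "subnet-web",
         "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.13"}}]},
    ]}]},
}
# Assumption: you already know the IDs of your inspection and management subnets.
EXCLUDED_SUBNETS = {"subnet-insp", "subnet-mgmt"}


def has_public_ip(inst):
    """True if the instance or any of its network interfaces has a public IP."""
    if inst.get("PublicIpAddress"):
        return True
    return any(eni.get("Association", {}).get("PublicIp")
               for eni in inst.get("NetworkInterfaces", []))


def public_assets(responses, excluded_subnets):
    """Return ({(region, vpc_id): [ids]}, [ids placed in excluded subnets])."""
    by_vpc, misplaced = defaultdict(list), []
    for region, resp in responses.items():
        for reservation in resp.get("Reservations", []):
            for inst in reservation.get("Instances", []):
                if not has_public_ip(inst):
                    continue  # not a public asset as this page defines it
                if inst.get("SubnetId") in excluded_subnets:
                    misplaced.append(inst["InstanceId"])  # cannot be protected
                else:
                    by_vpc[(region, inst.get("VpcId"))].append(inst["InstanceId"])
    return dict(by_vpc), misplaced


if __name__ == "__main__":
    in_scope, misplaced = public_assets(SAMPLE, EXCLUDED_SUBNETS)
    for (region, vpc), ids in in_scope.items():
        print(f"{region} {vpc}: {len(ids)} public asset(s) {ids}")
    print("Public assets in inspection/management subnets:", misplaced)
```

Run it over real DescribeInstances output collected for each region and compare the per-VPC counts with the assets page; anything in the second list should be moved to a protected public subnet.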
It is a best practice to complete the Deploy Protection checklist before deploying protection to your environment. If you have already completed the Get Started wizard, you can also navigate to Network → Appliances and click the Deploy new protection button to deploy a new virtual appliance.
After you add a virtual appliance, you can view the information for that appliance, such as the instance ID, platform, region, and virtual network, in Network → Appliances.
Appliances on the appliances page are organized by their scaling group.
From the Appliances page, select a scale group or appliance and click Configure to make changes to appliances, including setting the inspection state to Enabled or Disabled or distributing policies. Changes to appliances in a scale group are applied to all of the appliances within that group. You can also make changes to an individual appliance that does not belong to a scale group.
The Deploy new protection button is disabled while you have a scale group or an appliance selected. Deselect the scale group or appliance radio button to re-enable the Deploy new protection button.
You can add up to four virtual appliances to the Network Security management interface. After you have reached this limit, contact Cloud One support to increase the number of virtual appliances that you can add.