AWS Auto Scaling

This feature may not be available for all customers yet.

You can add your Sophos Firewalls to an Amazon Web Services (AWS) Auto Scaling group. You can then manage your inbound web traffic (WAF, IPS and NAT) through AWS Auto Scaling. For information about AWS Auto Scaling, see AWS Auto Scaling.

To configure AWS Auto Scaling, deploy your firewalls in an AWS Virtual Private Cloud (VPC) and then manage them through Sophos Central.

You can deploy AWS Auto Scaling through a CloudFormation template into a new or existing Virtual Private Cloud (VPC).

Once you've deployed AWS Auto Scaling, you can direct inbound web application traffic to your external Network Load Balancer (NLB). The NLB distributes connections across members of your Sophos Firewall Auto Scaling group. The firewalls process and scan the traffic, then send it either to internal Elastic Compute Cloud (EC2) instances or to an internal AWS load balancer, which distributes traffic to its attached EC2 instances.

Note

Your NLB is created and configured to distribute traffic when you deploy your CloudFormation template. You can modify your NLB configuration after deployment. For more information, see Create a Network Load Balancer.

As network demand increases, AWS automatically creates, configures and activates new Sophos Firewall instances. When network demand decreases, AWS shuts down the instances. Firewalls that are already configured but aren't currently running are stored in a "warm pool". See Warm pools for Amazon EC2 Auto Scaling.