Launch a NetFoundry Gateway in AWS Cloud


This install guide will walk you through the steps required to launch a NetFoundry Gateway instance in your AWS VPC using CloudFormation.



  1. We highly recommend deploying gateways on a private subnet within your VPC, as well as a VPC NAT Gateway for outbound access to the Internet. If you install your gateway in a public subnet, you must take appropriate measures to protect it from all unauthorized access.  The public subnet must be configured to auto assign IP: please see

  2. We provide a CloudFormation template to automate a gateway deployment for you. It does not launch the VPC NAT Gateway or any other component in your VPC other than the NetFoundry Gateway Endpoint. 

Before You Begin

Before you can use the NetFoundry CloudFormation Template, you must first accept the software terms in the AWS Marketplace:

  1. Visit the NetFoundry Cloud Gateway on the AWS marketplace
  2. Click on the "Manual Launch" tab
  3. Click on "Accept Software Terms"

The software terms need to be accepted only one time per AWS Account, after which you may launch as many gateways as you want.

Launching a Gateway Instance

Installing a NetFoundry Gateway into your AWS VPC is very straight forward. NetFoundry includes a CloudFormation template to launch a new gateway instance with only a few steps:

  1. Create a gateway in the NetFoundry console;
  2. Launch a NetFoundry gateway instance inside of your AWS VPC;
  3. Confirm the gateway registers with your NetFoundry network from the console;
  4. Recommended Next Steps;

Step 1: Create an AWS gateway in the NetFoundry Console

  1. Sign in to your NetFoundry Organization.
  2. Navigate to the Gateways page, and create a new AWS Cloud Gateway. Give it a name and location, then click the Create button.
  3. On the confirmation screen, click the "LAUNCH GATEWAY USING CLOUD FORMATION" button, to launch the CloudFormation Script in your AWS Console. You will be prompted to sign into your account on the AWS Console, if you are not already signed in.


Step 2: Launch a NetFoundry Gateway Instance Inside of Your AWS VPC

From the AWS Console, CloudFormation will prompt you for the following information:

NetFoundry Parameters

  1. Registration Key: This field is populated automatically when launching from the NetFoundry Console. If you are launching the CF Script manually, you will need to enter a Registration Key.

AWS Parameters

  1. Stack Name: Enter a name for the Stack being launched
  2. VPC: Choose the VPC into which the gateway & security group (allowing SSH access) will be created
  3. Key Name: Your SSH key pair to associate with instances
  4. Instance Type: Choose the desired EC2 instance type and size of the gateway instance. See Edge Gateway Sizing Guide for information on sizing your gateway VM for required throughput.
  5. Subnet: Choose the VPC subnet in which to place the gateway. If launching in a public subnet (pointing to Internet GW), the subnet must have auto assign public IP enabled. See this AWS user guide for more information.
  6. SSH Location: The IP address range that can be used to SSH to the EC2 instances. A security group will be created and applied to the instance. 


Step 3: Confirm the Gateway Registers With Your NetFoundry Network From the Console

It may take up to 5 minutes to register and come online. Once the Gateway Instance has started up, switch back to the NetFoundry Console and locate the Gateway Endpoint.

Confirm that the status indicator is green, which means that it has successfully registered and is online. If the status indicator remains grey, then the gateway has failed to register. If it is red, the gateway has registered, but is offline.


Troubleshooting Registration

If automatic registration seems to have failed you may instead perform manual registration with these instructions.

Alternatively, please see the article: Troubleshoot client and gateway registration errors.

Recommended Next Steps

1. Update the YUM package management system

> sudo yum clean metadata && sudo yum update

2. Ensure you change the password for the "nfadmin" user account, per your company guidelines.

> sudo passwd nfadmin

Should you require RADIUS, please contact NetFoundry.


Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.