Certified Security - Specialty

Sign Up Free or Log In to participate!

In the security specialty 2019 nat instance lab, the inbound https rule isn’t necessary

In the nat instance lab, the inbound https rule isn’t necessary. The internal instance can still connect out to the internet and run yum update just fine without adding https to the security group. That being said, thanks for the great content

1 Answers

You’re quite right, neither HTTP nor HTTPS is required inbound for a NAT instance since the NAT is handled at Layer 3 (Network), and never reaches Layer 4 (Transport) where Security groups are evaluated. And for sure, we don’t want that instance having any ports open unless absolutely necessary. We’ve recorded this as something to be amended. Thanks for letting us know!

Feedback can also be submitted directly to us through our Contact Support form, where one of our technical team members will respond and assess what we need to do to update our content

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?