Limitations of Existing Firewalls and AWS NAT Gateways
There are legitimate reasons why AWS VPCs or Azure VNets need Internet access; for example, to receive software updates from vendors or integrate with native AWS services or third-party SaaS services. But this is substantially different from an on-premises use case, where traditional, full-featured firewalls are needed to filter co-mingled end-user traffic and application traffic. And while AWS provides a NAT gateway, it can be configured only on a per-VPC basis against a limited number of IP addresses.
In this AWS Bootcamp from Aviatrix, we examine the security and networking requirements for controlling VPC egress traffic – including a discussion of different approaches for establishing a shared services VPC – and what capabilities AWS offers natively. We’ll also review and demonstrate a software-defined approach to egress security that helps avoid the complexity and expense of on-prem firewalls and the limitations of AWS NAT gateways by providing:
- Centralized control that enables policy assignment instantly across one VPC – or hundreds
- Flexible Layer 7 domain whitelisting that eliminates native AWS IP address limitations
- Methods for filtering both HTTP and HTTPS traffic using whitelists and blacklists
- Integration with standard reporting and event correlation tools
Slides Included
You will also receive the file containing the presentation slides.
Of Particular Interest For …
Anyone responsible for connectivity of cloud resources, including cloud architects, cloud infrastructure managers, cloud engineers, and networking staff.
Presented by our Solution Architects, Aviatrix Bootcamps ditch the marketing spin and deliver fact-based advice and cloud networking best practices. You'll receive a link to the replay and you can download the presentation slides.