Limitations of Existing Firewalls and AWS NAT Gateways

There are legitimate reasons why AWS VPCs or Azure VNets need Internet access; for example, to receive software updates from vendors or to integrate with native AWS services or third-party SaaS services. But this is substantially different from the on-premises use case, where traditional, full-featured firewalls are needed to filter commingled end-user traffic and application traffic. And while AWS provides a NAT gateway, it is deployed inside a single VPC, translates to a limited number of IP addresses, and operates only at the network layer: it can translate addresses, but it cannot decide which destination domains a workload is allowed to reach.

In this AWS Bootcamp from Aviatrix, we examine the security and networking requirements for controlling VPC egress traffic – including a discussion of different approaches for establishing a shared services VPC – and what capabilities AWS offers natively. We’ll also review and demonstrate a software-defined approach to egress security that helps avoid the complexity and expense of on-prem firewalls and the limitations of AWS NAT gateways by providing:

  • Centralized control that enables policy assignment instantly across one VPC – or hundreds
  • Flexible Layer 7 domain whitelisting that eliminates native AWS IP address limitations
  • Methods for filtering both HTTP and HTTPS traffic using whitelists and blacklists
  • Integration with standard reporting and event correlation tools
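The second and third bullets hinge on one mechanism: an egress filter that makes its allow/deny decision on the destination domain rather than on an IP address, which means it must pull the hostname out of the request itself. For plaintext HTTP that is the Host header; for HTTPS the only place the name is visible before the TLS handshake completes is the Server Name Indication (SNI) extension of the ClientHello. The following is an added example, not Aviatrix's code and not part of the original page. The allowlist and denylist entries, the hostnames, the sample HTTP request and the constructed ClientHello are all made up for illustration; the policy semantics (deny wins over allow, unknown host is denied) are an assumption about how such a filter is typically configured.

```python
"""Domain-based egress decision over HTTP Host / TLS SNI (added example, not vendor code)."""
import struct


def parse_http_host(data: bytes):
    """Return the lowercased Host header of a plaintext HTTP request, or None.
    Assumes a hostname or IPv4 literal; bracketed IPv6 literals are not handled."""
    head, _, _ = data.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace")
            return host.split(":")[0].lower()     # drop an optional :port
    return None


def parse_tls_sni(data: bytes):
    """Return the SNI server_name from a TLS ClientHello record, or None.
    Walks the record header (5), handshake header (4), version (2), random (32),
    then the variable-length session id, cipher suites and compression methods
    to reach the extensions block. Any truncation or mismatch yields None."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:    # handshake record, ClientHello
            return None
        p = 9 + 2 + 32
        p += 1 + data[p]                                   # session id
        p += 2 + struct.unpack("!H", data[p:p + 2])[0]     # cipher suites
        p += 1 + data[p]                                   # compression methods
        ext_end = p + 2 + struct.unpack("!H", data[p:p + 2])[0]
        p += 2
        while p + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", data[p:p + 4])
            p += 4
            if etype == 0:                                 # server_name extension
                # list_len(2), name_type(1), name_len(2), name
                nlen = struct.unpack("!H", data[p + 3:p + 5])[0]
                return data[p + 5:p + 5 + nlen].decode("ascii").lower()
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


def domain_matches(host: str, pattern: str) -> bool:
    """Exact match, or '*.example.com' matches any subdomain (not the apex itself)."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern


def egress_decision(payload: bytes, allow, deny):
    """Return (verdict, host). Deny entries win over allow entries; a payload whose
    destination name cannot be determined is denied (default-deny), which is the
    assumption that makes a domain allowlist meaningful at all."""
    host = parse_tls_sni(payload) or parse_http_host(payload)
    if host is None:
        return ("deny", None)
    if any(domain_matches(host, d) for d in deny):
        return ("deny", host)
    if any(domain_matches(host, a) for a in allow):
        return ("allow", host)
    return ("deny", host)


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello carrying only an SNI extension.
    Used here purely to fabricate sample input for the parser above."""
    name = server_name.encode()
    sni = struct.pack("!BH", 0, len(name)) + name            # name_type=host_name
    sni_ext = struct.pack("!HHH", 0, len(sni) + 2, len(sni)) + sni
    exts = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"             # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"             # one cipher suite
            + b"\x01\x00"                                     # one compression method (null)
            + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed policy and sample traffic (hypothetical names, not real deployments).
ALLOW = ["*.amazonaws.com", "api.github.com", "repo.example-vendor.com"]
DENY = ["pastebin.com", "*.pastebin.com"]
SAMPLE_HTTP = (b"GET /update.json HTTP/1.1\r\nHost: repo.example-vendor.com\r\n"
               b"User-Agent: agent/1.0\r\n\r\n")
SAMPLE_TLS_ALLOWED = build_client_hello("s3.us-east-1.amazonaws.com")
SAMPLE_TLS_DENIED = build_client_hello("evil.pastebin.com")

if __name__ == "__main__":
    for label, pkt in [("http", SAMPLE_HTTP), ("tls-ok", SAMPLE_TLS_ALLOWED),
                       ("tls-blocked", SAMPLE_TLS_DENIED), ("garbage", b"\x00\x01")]:
        print(label, egress_decision(pkt, ALLOW, DENY))
```

Two caveats a practitioner will want: the SNI is only readable because TLS 1.2 and ordinary TLS 1.3 send it in the clear, so a filter of this kind is blind to connections using Encrypted Client Hello or to clients that simply omit SNI, and a default-deny for an unknown name is what keeps that gap from becoming a bypass. And matching on the name the client asserts is not the same as verifying it; a client can put any name in SNI or Host, so domain allowlisting limits where a workload can go, but the destination's certificate is still what proves who answered.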

Slides Included

You will also receive the file containing the presentation slides.

Of Particular Interest For …

Anyone responsible for connectivity of cloud resources, including cloud architects, cloud infrastructure managers, cloud engineers, and networking staff.

WATCH ON-DEMAND

Presented by our Solution Architects, Aviatrix Bootcamps ditch the marketing spin and deliver fact-based advice and cloud networking best practices. You'll receive a link to the replay and you can download the presentation slides.