Limitations of Existing Firewalls and AWS NAT Gateways

There are legitimate reasons why AWS VPCs or Azure VNets need Internet access; for example, to receive software updates from vendors or integrate with native AWS services or third-party SaaS services. But this is substantially different from an on-premises use case, where traditional, full-featured firewalls are needed to filter co-mingled end-user traffic and application traffic. And while AWS provides a NAT gateway, it can be configured only on a per-VPC basis against a limited number of IP addresses.

In this AWS Bootcamp from Aviatrix, we examine the security and networking requirements for controlling VPC egress traffic – including a discussion of different approaches for establishing a shared services VPC – and what capabilities AWS offers natively. We’ll also review and demonstrate a software-defined approach to egress security that helps avoid the complexity and expense of on-prem firewalls and the limitations of AWS NAT gateways by providing:

  • Centralized control that enables policy assignment instantly across one VPC – or hundreds
  • Flexible Layer 7 domain whitelisting that eliminates native AWS IP address limitations
  • Methods for filtering on both HTTP and HTTPS traffic and utilizing whitelists and blacklists
  • Integration with standard reporting and event correlation tools

Slides Included

You will also receive the file containing the presentation slides.

Of Particular Interest For …

Anyone responsible for connectivity of cloud resources, including cloud architects, cloud infrastructure managers, cloud engineers, and networking staff.


Presented by our Solution Architects, Aviatrix Bootcamps ditch the marketing spin and deliver fact-based advice and cloud networking best practices. You'll receive a link to the replay and you can download the presentation slides.