Key Features

Aviatrix Embedded Network Security includes:

NAT Gateway Replacement or Enhancement with Secure Egress Gateways

Advanced NAT and Egress Security Aviatrix Gateways can replace native cloud NAT Gateways to reduce costs and add egress FQDN filtering, threat detection, and geo-blocking. Aviatrix Gateways learn what applications use the FQDNs, simplifying the process of building the allow and deny lists.

Distributed Cloud Firewall

Every Aviatrix Gateway can perform packet inspection and enforce L4 and Layer 7 firewalling policies. Policies are defined centrally and expressed as intent, then distributed to Aviatrix Gateways in the network path the policy intends to secure. Policies can be dynamic, leveraging cloud-native tags and attributes so that enforcement is automatically updated as cloud-native applications scale and evolve.

Automated Threat Detection and Mitigation

CoPilot’s ThreatIQ leverages the Aviatrix Gateways to provide threat prevention by inspecting every packet flowing through the Gateway and comparing the connection attempt with industry-standard threat intelligence. ThreatIQ can immediately apply a blocking rule to shut down the communication if any matches occur.

FireNet – Bring Your Own NGFW Firewall Service Insertion

Aviatrix FireNet connects Palo Alto Networks, Check Point, Fortinet, and F5 firewalls to the Aviatrix secure cloud network backbone. The FireNet feature, along with Aviatrix Gateways, delivers high-performance, load balancing without SNAT and automated route propagation to easily deploy and scale out NGFWs with a consistent perimeter of architecture in all of the major public clouds.

Secure User VPN Gateway

Aviatrix Gateway can deliver SSL VPN termination supporting OpenVPN® and Aviatrix SAML clients. Each VPN user can be assigned to a profile defined by access privileges to the network, host, protocol, and ports. When a VPN user connects to the public cloud via an Aviatrix VPN Gateway, the access control is dynamically enforced.

High-Performance Encryption, Line-Rate up to 100 Gbps

Standard IPsec throughput is limited to a single processing core and single tunnel, resulting in 1.25 Gbps of encrypted throughput, regardless of the throughput capabilities of the underlying transport. Aviatrix Gateways leverage patented technology to aggregate processing cores and tunnels to achieve wire-speed IPsec throughput up to 100 Gbps.

Multicloud Network Segmentation

Aviatrix Gateways make it possible to isolate traffic to specific routes, allowing the isolation of well-defined groups such as customers or partners. These policies are enforced the same in every cloud so that policies can be centrally defined and used across a multicloud environment.

Microsegmentation

If the traffic path of the expressed intent does not flow through an Aviatrix Gateway (e.g. traffic flow in between two instances within a VPC or VM within a vNet), the Aviatrix controller will leverage native security groups to apply the intended policy, abstracting this from the operator.