Embedded Security

Embedded security is a key component of Aviatrix’s cloud networking solution.


Unlike cybersecurity and cloud infrastructure companies that provide bolt-on tools, Aviatrix builds security into the network. Aviatrix provides the industry’s first enterprise-class, fully embedded, secure egress solution that is purpose-built for cloud.


Aviatrix Distributed Cloud Firewall for Egress improves your overall security posture and lowers security spending compared to existing solutions.


Purpose-Built for Cloud

Aviatrix’s embedded security solution is unique in its ability to bridge the gap between traditional network security architectures and the requirements of the cloud environment.

Unlike traditional solutions, Aviatrix distributes inspection and enforcement throughout the network, enabling dynamic intent-based security policies that support agility. By embedding security directly into the network, Aviatrix enhances security while reducing costs. With Aviatrix, enterprises can confidently embrace the cloud with robust and flexible network security.

Key Features

Aviatrix Embedded Network Security includes:

NAT Gateway Replacement or Enhancement with Secure Egress Gateways

Advanced NAT and Egress Security

Aviatrix Gateways can replace native cloud NAT Gateways to reduce costs and add egress FQDN filtering, threat detection, and geo-blocking. Aviatrix Gateways learn which applications use the FQDNs, simplifying the process of building the allow and deny lists.

Distributed Cloud Firewall

Every Aviatrix Gateway can perform packet inspection and enforce Layer 4 and Layer 7 firewalling policies. Policies are defined centrally and expressed as intent, then distributed to Aviatrix Gateways in the network path the policy intends to secure. Policies can be dynamic, leveraging cloud-native tags and attributes so that enforcement is automatically updated as cloud-native applications scale and evolve.

Automated Threat Detection and Mitigation

CoPilot’s ThreatIQ leverages the Aviatrix Gateways to provide threat prevention by inspecting every packet flowing through the Gateway and comparing the connection attempt with industry-standard threat intelligence. ThreatIQ can immediately apply a blocking rule to shut down the communication if any matches occur.

FireNet – Bring Your Own NGFW Firewall Service Insertion

Aviatrix FireNet connects Palo Alto Networks, Check Point, Fortinet, and F5 firewalls to the Aviatrix secure cloud network backbone. The FireNet feature, along with Aviatrix Gateways, delivers high-performance load balancing without SNAT and automated route propagation to easily deploy and scale out NGFWs with a consistent perimeter architecture in all of the major public clouds.

Secure User VPN Gateway

An Aviatrix Gateway can deliver SSL VPN termination supporting OpenVPN® and Aviatrix SAML clients. Each VPN user can be assigned to a profile defined by access privileges to the network, host, protocol, and ports. When a VPN user connects to the public cloud via an Aviatrix VPN Gateway, the access control is dynamically enforced.

High-Performance Encryption, Line-Rate up to 100 Gbps

Standard IPsec throughput is limited to a single processing core and single tunnel, resulting in 1.25 Gbps of encrypted throughput, regardless of the throughput capabilities of the underlying transport. Aviatrix Gateways leverage patented technology to aggregate processing cores and tunnels to achieve wire-speed IPsec throughput up to 100 Gbps.

Multicloud Network Segmentation

Aviatrix Gateways make it possible to isolate traffic to specific routes, allowing the isolation of well-defined groups such as customers or partners. These policies are enforced the same in every cloud so that policies can be centrally defined and used across a multicloud environment.


If the traffic path of the expressed intent does not flow through an Aviatrix Gateway (e.g., traffic flowing between two instances within a VPC or between VMs within a VNet), the Aviatrix controller will leverage native security groups to apply the intended policy, abstracting this from the operator.


Why We Are Better

Embedded security. It’s that simple.

Native cloud networking services do not offer end-to-end encryption or embedded network security; they rely on traditional bolt-on network security architecture, which increases complexity and the business risk caused by human error. Aviatrix delivers end-to-end, high-performance encryption with embedded network security for distributed inspection and policy enforcement.


Every Aviatrix Gateway delivers both networking and network security functionality. This architecture allows IT to centrally manage networking and network security while distributing packet processing, inspection, and enforcement throughout a multicloud network.
