Enterprise Cloud Firewall Network Services

As enterprises move to the cloud, security teams want to add in-line firewalling as a service to their cloud architecture. Services like IDS/IPS, layer 7 (application layer) filtering and threat detection, traditionally used by data center security teams, have become key requirements for enterprise cloud architects.

The Aviatrix Firewall Network Service allows you to bring your current firewall solution to the cloud and easily integrate with native cloud networking constructs. This Aviatrix service supports next-generation firewalls for inspection of all, or specified, traffic flows: on-premise to/from Cloud, Egress to Internet, Ingress from Internet and VPC to VPC/VNET traffic.

• Complete orchestration and propagation of routes to firewalls, transit gateways and VPCs or VNETs
• Elimination of IPSec Tunnel requirement with AWS Transit Gateway, increasing throughput performance by over 10 times
• Elimination of Source Network Address Translation (SNAT) at the firewall, maintains source address visibility

In AWS, cloud firewall deployments require IPSec tunnels (and/or ECMP) to route traffic from VPCs to these appliances. This increases the complexity of deploying and managing the firewalls and forces trade-offs in performance, scale and visibility.

Aviatrix Firewall Network Service decouples networking functions and security functions. There is no IPSec tunnels between the cloud resources, such as AWS Transit Gateway (TGW), and firewall instances, simplifying deployment, maximizing performance and allowing, the best scale possible.

Aviatrix’s Firewall Network Service provides a next generation architecture for deploying enterprise firewall security in public clouds.

• Simplicity. Leveraging the Aviatrix intelligent orchestration and control service, the Firewall Network Service eliminates complex cloud networking challenges.
• Maximize performance. The Firewall Network architecture eliminates the performance burden imposed by IPSec tunnels on firewall instances. As a result, each firewall instance can perform at maximum throughput.
• Maximize Scale: Leveraging an active-active failover architecture, Aviatrix gateways deliver load balancing, without requiring source NAT (SNAT), maintaining full lost when using native constructs.
• Built-in High Availability: The Aviatrix Controller manages HA failover for firewalls by monitoring the health of the instance connections. When an issue is detected, the controller reprograms both Aviatrix gateways and cloud infrastructure route entries to bypass the impacted instance connections.