Aviatrix Blog

Cloud-Native Networking for Enterprises

Press Release: Firewall Network Service

Aviatrix Extends its Enterprise Multi-Cloud Backbone Portfolio with Firewall Network Service

Simplicity, Performance and Scale for Palo Alto Networks VM-Series with AWS Transit Gateway
BOSTON, MASS. AWS RE:INFORCE, JUNE 25, 2019

Aviatrix, pioneers of the Enterprise Multi-Cloud Backbone, today announced the Aviatrix Firewall Network Service, an extension to its portfolio that delivers the simplest, quickest-to-configure, highest performance scale-out architecture to deploy Palo Alto Networks VM-Series next-generation firewalls, initially with Amazon Web Services (AWS) Transit Gateway.

Gartner predicts the worldwide public cloud services market will continue to grow rapidly and exceed $200 billion in 2019. As expansion accelerates, however, so do the symptoms of complexity as all businesses struggle to scale more clouds and applications – reaching the limits of their ability to cohesively manage integration, while still ensuring performance, security and visibility.

“Our customers are ‘all in’ on cloud. They want to bring their next-generation firewall policies to the cloud, but find it an incredibly complicated and manual process and extremely difficult to maintain at the scale most envision,” said Ryan Young, Director of Engineering at Vandis, Inc. “Combining Aviatrix’s Firewall Network Service with Palo Alto Networks VM-Series simplifies customer deployments and gives our customers the functionality and the operational model they expect from a cloud service.”

“Just as in traditional networks, next-generation firewalls are a critical security service in a cloud network and security architecture,” said Rod Stuhlmuller, Vice President of Marketing at Aviatrix. “Our new Firewall Network Service – born in the cloud, for the cloud – simplifies deployment of VM-Series firewalls with AWS Transit Gateway by automating many manual operations and overcoming performance and scale compromises when using AWS native transit network constructs.”

How the Aviatrix Firewall Network Service Works

Central to the Aviatrix Firewall Network Service for next-generation firewalls is Aviatrix’s intelligent controller. Delivering intelligent orchestration and control of native cloud services through the AWS Transit Gateway, the controller interconnects virtual private clouds (VPCs) and on-premises networks. Notably, the controller’s native integration into the Gateway allows for delivery of many other advanced services from Aviatrix.

A challenge for customers deploying VM-Series firewalls in an AWS Transit Gateway is that they are required by the native cloud networking constructs to negotiate trade-offs in performance and visibility as they increase scale (Figure 1), limiting access to the full benefits of the VM-Series.

Aviatrix removes these restrictions. By removing the need to use IPSec tunneling for route propagation and packet forwarding, Aviatrix delivers a better-than-10x increase in network throughput to the firewall, allowing the VM-Series to operate at optimal performance. Aviatrix also removes the visibility loss incurred when the firewall is forced to perform source network address translation (SNAT) to avoid asymmetric routing when equal-cost multi-path routing (ECMP) is used to scale in a native AWS Transit Gateway implementation.

“As more enterprises move mission-critical applications to the public cloud, security and compliance often require inline firewall services, like our Palo Alto Networks VM-Series,” said Adam Geller, Senior Vice President, Cloud Product and Engineering at Palo Alto Networks. “Aviatrix services extend native network constructs to allow VM-Series customers to maximize both performance and scale, while greatly simplifying their enterprise cloud deployments.”

Centrally managed by the Aviatrix Controller, the Firewall Network Virtual Private Cloud (VPC) is natively attached to the AWS Transit Gateway. The Aviatrix Firewall Network Service gateways load-balance packets across firewall instances and retain full visibility across all traffic.

In addition, the Aviatrix intelligent orchestration and control service reduces the entire installation and configuration time from hours/days to minutes (Figure 2). It automates the propagation of routes across all VPCs and VM-Series firewalls, directing specified traffic through the VM-Series firewalls for inspection. Aviatrix gateways load-balance packets across multiple availability zones to scale out the deployment of firewall instances. As a result, Aviatrix creates a frictionless journey for bringing next-generation firewalls to the cloud.

About the Enterprise Multi-Cloud Backbone

Public cloud providers – such as AWS, Azure and Google – have become the physical infrastructure for the new virtual enterprise data center. The Enterprise Multi-Cloud Backbone is the new architecture that embraces and extends native public cloud networking constructs and infrastructure to deliver private, multi-region and multi-cloud transit networking and security services for enterprise IT. These services create an abstracted layer over the top of public clouds to deliver operational simplicity, security and performance. Enterprise Multi-Cloud Backbone services include advanced transit networking, network segmentation, next-generation firewall connectivity, secure user and site-to-cloud VPN, cloud-to-internet egress filtering, high-performance encryption, and many more.

To learn more about Aviatrix Enterprise Multi-Cloud Backbone Service Portfolio: www.aviatrix.com

Learn more about Aviatrix’s Firewall Network Service.