Design Guides

Egress FDQN Filtering Design Guide

Issue link:

Contents of this Issue


Page 0 of 6

AVIATRIX VALIDATED DESIGN Aviatrix Policy-Based Egress FQDN Filtering Solution Overview Aviatrix Egress FQDN Filtering is a multi-cloud service specifically designed to deliver centralized control over Internet-bound traffic from VPCs or VNets using Fully Qualified Domain Name (FQDN) filtering. The solution satisfies organizational and regu latory compliance initiatives for restricting outbound traffic to the Internet, such as PCI, HIPAA and SOC2, while eliminating the complexity of manually creating filtering rules at an instance level using constantly changing IP address lists. Powered by t he Aviatrix cloud network platform, the solution delivers enterprise-class visibility, centralized control, and multi-cloud optionality not available from native cloud services or open source proxy software. Cloud applications with unrestricted access to the Internet-based services expose your environment to attack. Best practices limit applications communicate to only known Internet-based services. For example, app tier services that require build packages from GitHub must have access to, but all other access should be filtered and blocked. Aviatrix provides the visibility to understand what Internet-based services your applications are communicating with and gives you the control to filter those communication by Fully Qualified Domain Names (FQDN). Aviatrix Egress FQDN Filtering provides visibility and control for traffic leaving VPCs or VNets. Aviatrix Gateways provide this filtering capability by filtering egress traffic by Fully Qualified Domain Names (FQDN), "Allowing" or "Blocking" lists of domain names to control the egress traffic based on policies. Filtering supports HTTP, HTTPS or other non-HTTP applications such as SFTP/SSH.

Articles in this issue

view archives of Design Guides - Egress FDQN Filtering Design Guide