Monitoring Egress Traffic

If you configured Egress (in Aviatrix Controller or CoPilot) prior to Controller 7.1/CoPilot 3.11, you continue to configure rules in the Aviatrix Controller using the legacy Egress solution. If a Spoke Gateway already has FQDN enabled via legacy Egress in the Controller, it cannot be used in your Distributed Cloud Firewall configuration.

For more information on configuring the legacy Egress solution, go here.

You access the Egress page from CoPilot > Security > Egress or by typing Egress in the navigation search.

The Overview tab shows the following information for the egress traffic rules you configured:

  • The top egress rules hit

  • The top Internet domains that access was attempted to

  • The top source IPs of users/applications/workloads that are attempting Internet access

  • The VPC/VNets that have the top usage (in %) of Internet-bound egress traffic

The Monitor tab shows egress FQDN data and lets you view live logs for egress traffic when you select the Live View option. You can display and download these logs.

On the Egress VPC/VNets tab, you first specify the VPC/VNet(s) you want to view egress results for; CoPilot then populates the table with the results.

On the Transit Egress tab, you can enable Egress on Transit gateways.

For information about how to configure egress traffic rules, see Implementing Egress in an Aviatrix-Managed Network.