Firewall Network Design Patterns
1. Hybrid with TGW
FireNet supports AWS Transit Gateway (TGW), as shown in the diagram below.
2. Hybrid with Insane Mode
FireNet supports AWS Transit Gateway (TGW) together with Insane Mode, as shown in the diagram below.
3. Native TGW integration
Starting with Release 4.6, the hybrid deployment can use the native AWS Direct Connect Gateway (DXGW) to reach on-prem.
4. Multi Region Transit with Native TGW integration
Connect to on-prem with an AWS DXGW and use an Aviatrix Edge gateway to connect multiple regions.
5. Multi Region Transit with Aviatrix Edge
Connect to on-prem with an Aviatrix Edge gateway, which serves both the hybrid (on-prem) connection and the multi-region connections.
6. Two Firewall Networks
You can deploy two Firewall Networks: one dedicated to VPC-to-VPC traffic inspection and another dedicated to Ingress/Egress inspection.
When Ingress inspection is deployed, make sure you enable SNAT on the firewall instance so that the private IP address of the NLB (or third-party load balancer) is source-NATed to the IP address of the firewall's LAN (or Trusted) interface. Return traffic from the spoke VPC is then addressed to that interface and comes back through the same firewall instance that inspected the inbound flow, instead of following the spoke's route table to a different path and breaking the stateful session.
Note that you must follow the configuration sequence below:
- Disable the Traffic Inspection of the FireNet domain for Ingress/Egress.
- Enable Egress Control for FireNet domain for Ingress/Egress.
- Build connection policies.
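The SNAT requirement for Ingress inspection above is easiest to see in a small model of the return path. The following is an added example, not Aviatrix code and not taken from this page: it models a stateful firewall instance that receives the load balancer's traffic, forwards it into a spoke VPC with or without source-NATing to its LAN interface, and then tracks where the application's reply ends up. All addresses and VPC ranges are constructed for the model, and the `preserve_client_ip` flag (a load balancer that hands the firewall the client's real source address instead of its own private IP) is an assumption added here to show the second way the return path can go asymmetric.

```python
"""Model of the FireNet ingress return path with and without SNAT.

Added illustration; not Aviatrix code. All addresses below are constructed
for the model and do not come from the documentation page.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

# Constructed, hypothetical addressing (assumption, not from the page).
FIRENET_VPC = ip_network("10.0.0.0/16")  # VPC holding the LB and the firewalls
CLIENT_IP = "203.0.113.10"               # internet client
LB_PRIVATE_IP = "10.0.1.50"              # NLB / third-party LB private IP
FW_LAN_IP = "10.0.2.20"                  # firewall LAN (Trusted) interface
APP_IP = "10.10.5.30"                    # application server in a spoke VPC


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


@dataclass
class Firewall:
    """Stateful firewall instance sitting behind the load balancer."""
    lan_ip: str
    snat_to_lan: bool
    # (source seen by the spoke, app) -> original source to restore on return
    sessions: Dict[Tuple[str, str], str] = field(default_factory=dict)

    def forward_to_spoke(self, pkt: Packet, app_ip: str) -> Packet:
        # With SNAT the spoke sees the LAN interface as the source; without it,
        # the spoke sees whatever source the load balancer delivered.
        src = self.lan_ip if self.snat_to_lan else pkt.src
        self.sessions[(src, app_ip)] = pkt.src
        return Packet(src, app_ip)

    def handle_return(self, pkt: Packet) -> Optional[Packet]:
        # Only a reply matching a session this instance created is un-NATed.
        orig_src = self.sessions.get((pkt.dst, pkt.src))
        if orig_src is None:
            return None
        return Packet(pkt.src, orig_src)


def route_reply(pkt: Packet, fw: Firewall) -> str:
    """Where the spoke's reply lands. The spoke route table sends anything
    outside its own VPC to the TGW; the TGW forwards FireNet-VPC addresses
    back into the FireNet VPC and everything else toward the egress path."""
    if ip_address(pkt.dst) not in FIRENET_VPC:
        return "egress"        # leaves through egress; the inbound session never sees it
    if pkt.dst == fw.lan_ip:
        return "firewall"      # back to the instance holding the session
    return "load_balancer"     # lands on the LB directly, bypassing the firewall


def simulate_ingress(snat_to_lan: bool, preserve_client_ip: bool = False) -> dict:
    """Run one client request through the ingress path and report whether the
    reply returns symmetrically through the inspecting firewall."""
    fw = Firewall(FW_LAN_IP, snat_to_lan)
    lb_source = CLIENT_IP if preserve_client_ip else LB_PRIVATE_IP
    inbound = Packet(lb_source, FW_LAN_IP)          # LB -> firewall target
    to_app = fw.forward_to_spoke(inbound, APP_IP)   # firewall -> spoke
    reply = Packet(APP_IP, to_app.src)              # app answers the source it saw
    hop = route_reply(reply, fw)
    result = {"app_saw_src": to_app.src, "reply_path": hop, "symmetric": False}
    if hop == "firewall":
        back = fw.handle_return(reply)
        result["symmetric"] = back is not None and back.dst == lb_source
    return result


if __name__ == "__main__":
    for snat in (False, True):
        for preserve in (False, True):
            print(f"snat={snat!s:5} preserve_client_ip={preserve!s:5} ->",
                  simulate_ingress(snat, preserve))
```

Without SNAT the application replies either to the load balancer's private IP (reaching the LB directly, which has no matching flow) or, if the LB preserved the client address, to the public client IP, which the spoke route table pushes out the egress path; in both cases the firewall that holds the session never sees the reply. With SNAT to the LAN interface the reply is addressed to that firewall instance, the session matches, and the original source is restored before the packet goes back to the load balancer.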