Egress FQDN Discovery¶
Discover what Internet sites your apps visit before you configure Egress FQDN Filter.
If you already know the sites you apps visit or the FQDN names you need to apply, skip Discovery step.
Go to Security -> Egress Control -> Egress FQDN Discovery. Select a gateway from the drop down menu and click Start. The monitoring will start, click Show at any time to see the captured destination sites. Click Stop to stop the entire Discovery process.
When you click “Start” button, the Controller will automatically enable SNAT function on the gateway. The Controller looks for all private subnets in the VPC and replace any 0.0.0.0/0 -> AWS NAT Gateway to instead points to the Aviatrix gateway.
During Discovery step, the Exception Rule must be enabled (the box should be checked which is the default setting.)
When you click “Stop” button, the VPC private route table entry for the default route (0.0.0.0/0) will be restored to its previous setting.
While the Discovery is in progress, click “Show” at any time to see the captured destination sites.
Click the “Download” during or after the Discovery, the destination list will be downloaded. You can later import the list to configure the FQDN Filter.
Note if a gateway is already attached to a FQDN tag, you cannot run the Discovery process, but you can view FQDN results immediately by going to Step 4 “Egress FQDN View Log”.