Protect Your Traffic with Egress Security

Egress Security in Aviatrix PaaS involves monitoring network traffic to the Internet and protecting the traffic using Distributed Cloud Firewall Rules, SmartGroups, and WebGroups.

paas protection workflow

This diagram shows VPC/VNets in their various protection states.

A Monitor Egress Traffic wizard is available on the Dashboard to walk you through the Egress Security workflow:

  • Onboard selected VPC/VNets with a selected Performance Size

  • Enable Egress Monitoring on those VPC/VNets

Prerequisites

Egress Traffic Overview

On the Egress > Overview tab, view your current Egress Security Score and the protection status of your VPC/VNets.

Egress Traffic Analysis

On the Egress > Analyze tab, view the Top Egress Rules Hit, Top Source IPs, Top Destinations, and Top Domains discovered in your traffic flows.

Egress Traffic Protection

On the Egress > Protected VPC/VNets tab, onboard, monitor, and protect your VPC/VNets.

After VPC/VNets are monitored:

  • The top traffic destinations, domains, and offenders are displayed on the Security > Egress > Analyze tab.

  • They are added to a Monitored VPCs SmartGroup and a Monitor DCF Rule. Subsequent monitored VPC/VNets are added to the same SmartGroup and Rule.

  • Their status changes to Monitored on the Protected VPC/VNets tab.

After VPC/VNets are protected:

  • The VPC/VNets continue to be monitored as per above.

  • They are added to a Protected VPC/VNets SmartGroup and a Protected VPCs rule. Subsequent protected VPC/VNets are added to the same SmartGroup and Rule.

  • A new WebGroup is created for the selected trusted domains.

  • A new SmartGroup is created for the selected VPC/VNets.

  • A new "permit" rule is created that contains the trusted domains.

  • They are included in the Egress Security Score calculation.