Protect Your Traffic with Egress Security

Egress Security in Aviatrix PaaS involves monitoring network traffic to the Internet and protecting the traffic using Distributed Cloud Firewall Rules, SmartGroups, and WebGroups.

A Monitor Egress Traffic wizard is available on the Dashboard to walk you through the Egress Security workflow:

  • Onboard selected VPC/VNets with a selected Performance Size

  • Enable Egress Monitoring on those VPC/VNets

Prerequisites

Egress Traffic Overview

On the Egress > Overview tab, view your current Egress Security Score and the protection status of your VPC/VNets.

Egress Traffic Analysis

On the Egress > Analyze tab, view the Top Destinations, Domains, and Source IPs discovered in your traffic flows.

Egress Traffic Protection

On the Egress > Protected VPC/VNets tab, onboard, monitor, and protect your VPC/VNets.

After VPC/VNets are monitored:

  • The top traffic destinations, domains, and offenders are displayed on the Security > Egress > Analyze tab.

  • The monitored VPC/VNets are added to a Monitored VPCs SmartGroup and a Monitor DCF Rule. Subsequent monitored VPC/VNets are added to the same SmartGroup and Rule.

  • The status of the VPC/VNets changes to Monitored on the Protected VPC/VNets tab.

After VPC/VNets are protected:

  • The VPC/VNets continue to be monitored as described above.

  • They are added to a Protected VPC/VNets SmartGroup and a Protected VPCs rule. Subsequent protected VPC/VNets are added to the same SmartGroup and Rule.

  • A new WebGroup is created for the selected trusted domains.

  • A new SmartGroup is created for the selected VPC/VNets.

  • A new "permit" rule is created that contains the trusted domains.

  • The protected VPC/VNets are included in the Egress Security Score calculation.