Network Security

Advanced Security with Distributed Cloud Firewall

Your Aviatrix network incorporates security at every level.

The Aviatrix Distributed Cloud Firewall provides advanced security, including:

  • Layer 4 visibility and policy enforcement

  • URL/FQDN Filtering with WebGroups (formerly Egress FQDN Filtering)

  • Reputation-based Threat Detection/Prevention (ThreatIQ)

  • Blocking/filtering IPs based on geographical area (GeoGroups)

  • Transparent MITM decryption and Advanced Threat Detection with Suricata

  • Aviatrix SmartGroups, which allow the Distributed Cloud Firewall to apply policies dynamically based on tags and attributes

Aviatrix recommends using DCF with GeoGroups and ThreatGroups. ThreatIQ is only visible in Controller version 7.2.4820 if you configured it prior to 7.2.4820.

The entire system is managed like a single virtual firewall.

Aviatrix encrypts all data in transit. Aviatrix high-performance encryption (HPE) frees you from standard IPsec speed limits, so you do not need to sacrifice performance for security. The goal is to create secure transit connections between cloud service providers (CSPs) and CSP regions while avoiding the complexity and long delays of direct connections.

With Aviatrix Transit FireNet, you can also add firewalls from partners, including Check Point, F5, Fortinet, and Palo Alto Networks.

Network Security covers the following features: