About Transit FireNet Settings
This document describes the settings you can configure for an Aviatrix Transit FireNet Gateway after it is created.
- Select a Transit FireNet.
- Click its Settings tab.
- Configure the following for the selected Transit FireNet:
Firewall Management Access
Advertise the Transit FireNet VPC/VNet CIDRs to on-prem. For example, if a firewall management console such as Palo Alto Networks Panorama is deployed on-prem, Panorama can reach the firewalls at their private IP addresses once this option is configured.
Static CIDR Egress
Allow egress to the Internet from a subnet of your on-prem data center's IP address space. Static CIDR egress is supported on Aviatrix Transit and AWS Transit gateways. You can add up to 20 subnets.
Exclude from East-West Inspection
(not applicable for Egress Transit FireNet)
Transit FireNet inspects all East-West (VPC/VNet to VPC/VNet) traffic by default, but you may have an instance that you do not want inspected. The CIDRs listed here will not be subject to firewall policies (or to errors in those policies).
CIDRs are excluded from East-West inspection only.
Firewall Forwarding
Select a 5-Tuple or 2-Tuple hashing algorithm:
- 2-Tuple hashes Source IP and Destination IP.
- 5-Tuple hashes Source and Destination IP, Source and Destination Port, and Protocol Type.
By default, FireNet and AWS TGW FireNet use the 5-Tuple algorithm to load balance traffic across different firewalls. However, you can select 2-Tuple, which maps traffic to the available firewalls by source and destination IP only, so all flows between the same pair of hosts land on the same firewall.
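The following added example (not Aviatrix code) models the difference between the two hashing choices: it builds the 2-Tuple and 5-Tuple keys exactly as listed above and maps each flow to a firewall by hash-modulo-pool-size. The hash function, firewall names and sample flows are constructed assumptions; the gateway's real hash is not described on this page.

```python
from dataclasses import dataclass
from collections import Counter

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int  # IP protocol number, e.g. 6 = TCP

def flow_key(pkt: Packet, mode: str) -> tuple:
    """Return the fields the selected algorithm feeds into the hash."""
    if mode == "2-tuple":
        return (pkt.src_ip, pkt.dst_ip)
    if mode == "5-tuple":
        return (pkt.src_ip, pkt.dst_ip, pkt.src_port, pkt.dst_port, pkt.proto)
    raise ValueError(f"unknown hashing mode: {mode}")

def toy_hash(key: tuple) -> int:
    """Illustrative hash (assumption, not the gateway's real function):
    sum of every IPv4 octet and every numeric field in the key."""
    total = 0
    for field in key:
        if isinstance(field, str):
            total += sum(int(octet) for octet in field.split("."))
        else:
            total += int(field)
    return total

def pick_firewall(pkt: Packet, firewalls: list[str], mode: str) -> str:
    """Map a packet to one firewall: hash of the tuple, modulo firewall count."""
    return firewalls[toy_hash(flow_key(pkt, mode)) % len(firewalls)]

def distribution(flows, firewalls, mode) -> dict[str, int]:
    """How many of the given flows land on each firewall under `mode`."""
    return dict(Counter(pick_firewall(p, firewalls, mode) for p in flows))

# Constructed sample: three TCP connections from one client to one server,
# differing only in the ephemeral source port; firewall names are placeholders.
FIREWALLS = ["fw-a", "fw-b", "fw-c"]
FLOWS = [Packet("10.1.0.5", "10.2.0.7", sport, 443, 6) for sport in (40000, 40001, 40002)]

if __name__ == "__main__":
    # 2-Tuple pins every flow between the same two hosts to one firewall;
    # 5-Tuple spreads those same flows across the pool.
    print("2-tuple:", distribution(FLOWS, FIREWALLS, "2-tuple"))
    print("5-tuple:", distribution(FLOWS, FIREWALLS, "5-tuple"))
```

Running it shows why 2-Tuple trades load balancing for per-host-pair consistency: the three connections collapse onto one firewall, while 5-Tuple places them on three.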