
Check Point Specifications

| Cloud Provider | Check Point VM Instance Interfaces | Description | Inbound Security Group Rule |
|---|---|---|---|
| AWS | eth0 (on subnet -Public-FW-ingress-egress-AZ-a) | Egress or Untrusted Interface (Egress Interface is used as the management interface) | Controller version lower than 7.0.1577: Allow ALL from 0.0.0.0/0. Controller version 7.0.1577 and above: TCP 443, TCP 22 |
| AWS | eth1 (on subnet -dmz-firewall) | LAN or Trusted Interface | |
| Azure | eth0 (on subnet -Public-FW-ingress-egress) | Egress or Untrusted Interface | Allow ALL |
| Azure | eth1 (on subnet -dmz-firewall) | LAN or Trusted Interface | Allow ALL (do not change) |

FortiGate Specifications

| Cloud Provider | FortiGate VM Interfaces | Description | Inbound Security Group Rule |
|---|---|---|---|
| AWS | eth0 (on subnet -Public-FW-ingress-egress-AZ-a) | Egress or Untrusted Interface | Controller version lower than 7.0.1577: Allow ALL. Controller version 7.0.1577 and higher: TCP 443 is allowed from the Controller's public or private IP |
| AWS | eth1 (on subnet -dmz-firewall) | LAN or Trusted Interface | |
| Azure | eth0 (on subnet -Public-FW-ingress-egress) | Egress or Untrusted Interface | Allow ALL |
| Azure | eth1 (on subnet -dmz-firewall) | LAN or Trusted Interface | Allow ALL (do not change) |

Palo Alto Specifications

Palo Alto firewall versions greater than 9.1.3 are supported in the GCP Transit FireNet configuration if you select one of the available Flex Next-Generation firewall options.

| Cloud Provider | Palo Alto VM Interfaces | Description | Inbound Security Group Rule |
|---|---|---|---|
| AWS | eth0 (on subnet -Public-FW-ingress-egress-AZ-a) | Egress or Untrusted Interface | Allow ALL |
| AWS | eth1 (on subnet -Public-gateway-and-firewall-mgmt-AZ-a) | Management Interface | Controller version lower than 7.0.1577: Allow SSH, HTTPS, ICMP, TCP 3978 |
| AWS | eth2 (on subnet -dmz-firewall) | LAN or Trusted Interface | |
| Azure | eth0 (on subnet -Public-gateway-and-firewall-mgmt) | Management Interface | Allow SSH, HTTPS, ICMP, TCP 3978 |
| Azure | eth1 (on subnet -Public-FW-ingress-egress) | Egress or Untrusted Interface | Allow ALL |
| Azure | eth2 (on subnet -dmz-firewall) | LAN or Trusted Interface | Allow ALL (do not change) |
| GCP | nic0 | Egress or Untrusted Interface | Allow ALL |
| GCP | nic1 | Management Interface | Allow SSH, HTTPS, ICMP, TCP 3978 |
| GCP | nic2 | LAN or Trusted Interface | Allow ALL (do not change) |