Transit FireNet Workflow Prerequisites
- If you want to attach Spokes to your FireNet, you must create the Spokes beforehand.
- Any Transit FireNet connections that use BGP over LAN must also have DNAT or SNAT configured.
- For AWS TGW, ensure that a Firewall Domain is created in the AWS TGW before adding FireNet functionality.

If desired, you can create VPCs/VNets ahead of time with the Transit + FireNet VPC Function option selected, so that the necessary subnets and interfaces already exist in those VPCs/VNets in preparation for using the Transit FireNet feature. If, when adding FireNet to a Transit gateway, you decide to use a VPC/VNet that does not have the Transit + FireNet function selected, you must subsequently create the necessary subnets and interfaces in the relevant cloud service provider. When FireNet is added to a Transit gateway, a firewall can be inserted into the Aviatrix Transit VPC/VNet. These firewalls inspect east-west and egress traffic unless traffic inspection is explicitly disabled (by using an Egress FireNet or disabling the Traffic Inspection option).