Enabling Local Egress

If a WebGroup is already configured on a VPC/VNet, make sure the following minimum instance size (or larger) is in use before enabling Local Egress:

  • VPC (AWS): t3.medium

  • VNet (Azure): Standard_B2ms

On the Security > Egress > Egress VPC/VNets tab you can enable Local Egress on selected Spoke VPC/VNets that do not already have Egress enabled, and that are not attached to a Transit FireNet gateway.

When you add Local Egress on a VPC/VNet, this:

  • Changes the default route on the VPC/VNet to point to the Spoke Gateway

  • Enables SNAT

Ensure additional CPU resources are created on the Spoke gateway to support Local Egress.


To enable Local Egress:

  1. On the Security > Egress > Egress VPC/VNets tab, do one of the following:

    • Select one or more VPC/VNets and click Enable Local Egress.

    • Click the vertical ellipsis icon next to a VPC/VNet and select Enable Local Egress.

  2. The Enable Local Egress on VPC (VNets) dialog displays. Click Enable to acknowledge that enabling local egress changes the default route and enables SNAT.

If you select a VPC/VNet that is part of a Transit Egress, this overrides the Transit Egress.

You cannot enable egress on Global VPCs because SNAT is not currently supported for Global VPCs.
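
One way to confirm the default-route change described above on an AWS Spoke VPC, as an added example that is not Aviatrix code: the script reads route tables in the shape returned by `aws ec2 describe-route-tables` and reports where each table's 0.0.0.0/0 route points. All IDs and the sample data are constructed, and it assumes the route targets the Spoke Gateway's instance or network interface; a route table serving the gateway's own subnet may legitimately keep a different target.

```python
# Added example: audit default routes from `aws ec2 describe-route-tables` output.
# All IDs below are constructed sample data, not values from a real deployment.
SAMPLE_TABLES = [
    {"RouteTableId": "rtb-0private", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-0spokegw",
         "NetworkInterfaceId": "eni-0spokegw", "State": "active"}]},
    {"RouteTableId": "rtb-0public", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-0stale", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-0spokegw",
         "State": "blackhole"}]},
    {"RouteTableId": "rtb-0isolated", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"}]},
]
# Assumption: the Spoke Gateway's instance and ENI IDs are known to the operator.
SPOKE_GATEWAY_IDS = {"i-0spokegw", "eni-0spokegw"}
TARGET_KEYS = ("NetworkInterfaceId", "InstanceId", "NatGatewayId",
               "TransitGatewayId", "GatewayId")

def default_route(table):
    """Return (state, target_id) for the table's 0.0.0.0/0 route, or None."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            target = next((route[k] for k in TARGET_KEYS if k in route), None)
            return route.get("State"), target
    return None

def audit_default_routes(tables, gateway_ids):
    """Classify each route table by where its IPv4 default route sends traffic."""
    report = {}
    for table in tables:
        found = default_route(table)
        if found is None:
            status, target = "no-default-route", None
        else:
            state, target = found
            if state == "blackhole":
                status = "blackhole"          # target was deleted or stopped
            elif target in gateway_ids:
                status = "via-spoke-gateway"  # matches the Local Egress change
            else:
                status = "other-target"       # e.g. igw-, nat-, tgw-
        report[table["RouteTableId"]] = (status, target)
    return report

if __name__ == "__main__":
    for rtb, (status, target) in audit_default_routes(SAMPLE_TABLES, SPOKE_GATEWAY_IDS).items():
        print(f"{rtb}: {status} ({target})")
```

A `blackhole` result means the default route still exists but its target no longer does, so workloads in that subnet have no working egress path.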

Removing Local Egress

The following occurs when you remove Local Egress support:

  • SNAT is disabled

  • Default route is reset to Transit Egress or Native Cloud Egress

To remove Local Egress from a Spoke gateway:

  1. On the Security > Egress > Egress VPC/VNets tab, click the vertical ellipsis icon next to the Spoke gateway from which you want to remove Local Egress.

  2. Click Remove Local Egress.