Enabling Local Egress
If a WebGroup is already configured on a VPC/VNet, make sure that at a minimum they have the following instance size or larger before enabling Local Egress:
|
On the Security > Egress > Egress VPC/VNets tab you can enable Local Egress on selected Spoke VPC/VNets that do not already have Egress enabled, and that are not attached to a Transit FireNet gateway.
When you add Local Egress on a VPC/VNet this:
-
Changes the default route on the VPC/VNET to point to the Spoke Gateway
-
Enables SNAT
Ensure additional CPU resources are created on the Spoke gateway to support Local Egress. |
To enable Local Egress:
-
On the Security > Egress > Egress VPC/VNets tab, do one of the following:
-
Select one or more VPC/VNets and click Enable Local Egress.
-
Click the vertical ellipsis
next to a VPC/VNet and select Enable Local Egress.
-
-
The Enable Local Egress on VPC (VNets) dialog displays. Click Enable to acknowledge that enabling local egress changes the default route and enables SNAT.
If you select a VPC/VNet that is part of a Transit Egress this overrides the Transit Egress. You cannot enable egress on Global VPCs because SNAT is not currently supported for Global VPCs. |
Removing Local Egress
The following occurs when you remove Local Egress support:
-
SNAT is disabled
-
Default route is reset to Transit Egress or Native Cloud Egress
To remove Local Egress from a Spoke gateway:
-
On the Security > Egress > Egress VPC/VNets tab, click the vertical ellipsis
icon next to the Spoke gateway from which you want to remove Local Egress.
-
Click Remove Local Egress.