Managing Egress Security for VPC/VNets

Controller 8.0 is required for all features and functionality on this tab except for applying local egress to VPC/VNets.

The Egress VPC/VNets tab displays all VPC/VNets discovered by your cloud accounts and their protection status. VPC/VNets with No Egress status require the deployment of a Spoke gateway for Local Egress.

The Egress VPC/VNets tab displays:

  • Spoke gateways that have Local Egress enabled (Spoke gateways that send traffic directly to the Internet).

  • Spoke gateways that have Transit Egress enabled (Spoke gateways that forward traffic to a Transit gateway, which then sends the traffic to the Internet).

    This Transit gateway must have Transit Egress Capability (selectable when you create a Transit gateway).

  • Spoke gateways where Egress is not configured by Aviatrix (Native Cloud Egress). These are not editable.

  • GCP Spoke gateways that have Global VPC and Transit Egress enabled. These are not editable.

  • Any Transit gateways attached to the Spoke gateways.

Actions on the Egress VPC/VNets Tab

You can do the following on this tab if you have upgraded to Controller 8.0 and have the DCF feature enabled:

You can do the following on this tab if you have not yet upgraded to Controller 8.0:

Views on the Egress VPC/VNets Tab

The following views are available on the Egress VPC/VNets tab:

  • Default View: Shows a comprehensive view of all VPC/VNets where Local Egress is enabled, including their protection status.

  • Local Egress: Displays VPC/VNets with Local Egress enabled, showing which Spoke gateways are sending traffic directly to the Internet.

  • Transit Egress: Displays VPC/VNets with Transit Egress enabled, where Spoke gateways forward traffic to a Transit gateway for Internet access.

  • Monitored VPC/VNets: Displays VPC/VNets that are being monitored for egress traffic, allowing you to see which VPC/VNets have traffic flows logged at L4/L7.

  • Unprotected VPC/VNets: Displays VPC/VNets that have direct access to the Internet without any egress protection applied.

  • Unmanaged VPC/VNets: Displays VPC/VNets that are not yet onboarded or do not have Aviatrix gateways deployed within them.