Aviatrix Documentation

Deploying Secure Networks

This section includes sample Aviatrix Multicloud Transit Network architecture deployment workflows.

Topics

  • Multicloud Single-Region Deployments

  • Multicloud Multi-Region Deployments

  • Aviatrix Edge Deployment

  • Aviatrix CloudN Workflow

  • Site2Cloud Deployments

  • OpenVPN Deployments

  • Network Segmentation Workflow

  • AWS Cloud Deployments

  • Azure Cloud Deployments

  • GCP Cloud Deployments

  • OCI Cloud Deployments


Copyright © 2025 Aviatrix Systems, Inc 2901 Tasman Dr #109, Santa Clara, CA 95054