Cloud NGFW for AWS
Cloud NGFW for AWS Distributed Deployments
Table of Contents
Cloud NGFW for AWS Distributed Deployments
Cloud NGFW for AWS distributed deployments.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
In a distributed deployment, each VPC that requires protection has its own NGFW. This
deployment method is less complicated and, therefore, reduces the chance of
misconfiguration.
For additional examples of distributed deployments, see Cloud NGFW for AWS Deployment
Architectures.
Distributed East-West (intra-VPC)
- Traffic from the source instance is routed to the NGFW endpoint and on to the NGFW for inspection.
- If the traffic is allowed, the NGFW endpoint sends the traffic on to the destination.
Distributed Outbound
- Traffic from the source instance is routed to the NGFW endpoint and on to the NGFW for inspection.
- If the traffic is allowed, the NGFW endpoint sends the inspected traffic to the NAT gateway.
- The NAT gateway sends the traffic to the internet gateway.
- The traffic continues to the internet and the destination.
Distributed Inbound
- Traffic from the source arrives at the internet gateway.
- The internet gateway routes the traffic to the NGFW endpoint and then to the NGFW for inspection.
- If the traffic is allowed, the NGFW endpoint routes the traffic to the application load balancer.
- The application load balancer forwards the traffic to the destination.
