Cloud NGFW for AWS Isolated Deployment
Learn about isolated deployments for your Cloud NGFW for AWS resource.
| Where Can I Use This? | What Do I Need? |
| --- | --- |
| | - Cloud NGFW subscription<br>- Palo Alto Networks Customer Support Account (CSP)<br>- AWS Marketplace account<br>- User role (either tenant or administrator) |
In an isolated deployment:
- You enable Cloud NGFW to secure traffic in multiple AWS VPCs.
- You share the Cloud NGFW resource across multiple VPCs in different AWS
accounts.
Isolated Deployment for Ingress/Egress Traffic Inspection
In this deployment model:
Ingress traffic:
- The internet gateway forwards the traffic destined to the public IP of the
Application Load Balancer (ALB).
- As per the ALB subnet route table, any traffic going to the target group
(workloads on EC2) is forwarded to the NGFW endpoint.
- The endpoint transparently sends the traffic to the firewall resource for
inspection.
- If the traffic is allowed, the firewall resource sends the traffic back to
the endpoint after inspection.
- As per the firewall subnet route table, traffic is forwarded to the workload
servers.
Egress traffic:
- Traffic initiated from an EC2 instance and destined to the internet
is first forwarded to the NGFW endpoint.
- The endpoint transparently sends the traffic to the Cloud NGFW
resource for inspection.
- If the traffic is allowed, the firewall resource sends the traffic
back to the endpoint after inspection.
- As per the firewall subnet route table, traffic is forwarded to the
NAT gateway.
- Traffic is forwarded to the internet gateway in accordance with the
NAT gateway route table.
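Whether both flows really pass through the endpoint depends entirely on the subnet route tables. The following added example (not part of the Palo Alto Networks documentation) models the route tables described above with constructed CIDRs and the assumed next-hop names `ngfw-endpoint`, `natgw` and `igw`, resolves each hop by longest-prefix match as a VPC route table does, traces the ingress and egress paths, and flags a table that lets traffic bypass the firewall.

```python
import ipaddress

# Constructed single-AZ layout for the deployment described above (assumed CIDRs).
VPC = "10.0.0.0/16"
SUBNETS = {
    "alb": "10.0.1.0/24",       # Application Load Balancer
    "firewall": "10.0.2.0/24",  # subnet holding the Cloud NGFW endpoint
    "workload": "10.0.3.0/24",  # EC2 target group
    "natgw": "10.0.4.0/24",     # NAT gateway
}

# Route tables keyed by subnet: (destination CIDR, next hop). Next hops are
# "local" (VPC-internal delivery), "ngfw-endpoint", "natgw" or "igw".
# The ALB subnet overrides the local route for the workload CIDR so ingress
# reaches the endpoint; the workload subnet sends all egress to the endpoint;
# the firewall subnet forwards inspected traffic onward (local or NAT gateway).
ROUTE_TABLES = {
    "alb": [(VPC, "local"), (SUBNETS["workload"], "ngfw-endpoint")],
    "firewall": [(VPC, "local"), ("0.0.0.0/0", "natgw")],
    "workload": [(VPC, "local"), ("0.0.0.0/0", "ngfw-endpoint")],
    "natgw": [(VPC, "local"), ("0.0.0.0/0", "igw")],
}


def lookup(routes, dst):
    """Longest-prefix match, the way a VPC route table selects a route."""
    best = None
    for cidr, hop in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def trace(src_subnet, dst_ip, tables=ROUTE_TABLES):
    """Ordered list of hops a packet takes from src_subnet toward dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    path, current = [src_subnet], src_subnet
    for _ in range(8):  # bound the walk so a misrouted table cannot loop forever
        hop = lookup(tables[current], dst)
        if hop == "local":  # delivered to whichever subnet owns dst
            path.append(next((n for n, c in SUBNETS.items()
                              if dst in ipaddress.ip_network(c)), "unknown"))
            return path
        path.append(hop)
        if hop == "igw" or hop is None:
            return path
        # Traffic leaving the endpoint or NAT gateway is routed by that subnet's table.
        current = "firewall" if hop == "ngfw-endpoint" else "natgw"
    raise RuntimeError("routing loop between subnets")


def inspected(path):
    """True only if the path crosses the NGFW endpoint, i.e. no firewall bypass."""
    return "ngfw-endpoint" in path
```

Dropping the workload-specific route from the ALB subnet table makes `trace("alb", ...)` deliver straight to the workload subnet, which `inspected()` reports as a bypass.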