Cloud NGFW for AWS Distributed Deployments

In a distributed deployment, each VPC that requires protection has its own NGFW. This deployment method is less complicated and, therefore, reduces the chance of misconfiguration.

Distributed East-West (intra-VPC)

  1. Traffic from the source instance is routed to the NGFW endpoint and on to the NGFW for inspection.
  2. If the traffic is allowed, the NGFW endpoint sends the traffic on to the destination.

Distributed Outbound

  1. Traffic from the source instance is routed to the NGFW endpoint and on to the NGFW for inspection.
  2. If the traffic is allowed, the NGFW endpoint sends the inspected traffic to the NAT gateway.
  3. The NAT gateway sends the traffic to the internet gateway.
  4. The traffic continues to the internet and the destination.

Distributed Inbound

  1. Traffic from the source arrives at the internet gateway.
  2. The internet gateway routes the traffic to the NGFW endpoint and then to the NGFW for inspection.
  3. If the traffic is allowed, the NGFW endpoint routes the traffic to the application load balancer.
  4. The application load balancer forwards the traffic to the destination.
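The inbound flow above depends entirely on VPC routing: an ingress route table attached to the internet gateway steers traffic for the load balancer subnet to the NGFW endpoint, and the load balancer subnet's own route table sends replies back through the same endpoint so both directions are inspected. The following Terraform is an added example, not configuration from Palo Alto Networks or this page; it assumes the NGFW endpoint is referenced in routes by its VPC endpoint ID, and every `var.*` value is a constructed placeholder for resources you already have.

```hcl
# Assumed inputs (placeholders, not values from the page)
variable "vpc_id" {}
variable "igw_id" {}
variable "ngfw_endpoint_id" {} # Cloud NGFW endpoint, referenced as a VPC endpoint (assumption)
variable "ngfw_subnet_id" {}   # subnet where the NGFW endpoint lives
variable "alb_subnet_id" {}    # subnet of the application load balancer
variable "alb_subnet_cidr" {}  # e.g. 10.0.1.0/24 (constructed)

# Steps 1-2: ingress route table on the internet gateway sends traffic
# destined for the ALB subnet to the NGFW endpoint for inspection.
resource "aws_route_table" "igw_ingress" {
  vpc_id = var.vpc_id
}
resource "aws_route" "igw_to_ngfw" {
  route_table_id         = aws_route_table.igw_ingress.id
  destination_cidr_block = var.alb_subnet_cidr
  vpc_endpoint_id        = var.ngfw_endpoint_id
}
resource "aws_route_table_association" "igw_edge" {
  gateway_id     = var.igw_id # edge association, not a subnet association
  route_table_id = aws_route_table.igw_ingress.id
}

# Step 3: allowed traffic leaves the endpoint subnet toward the ALB via the
# VPC local route; replies from the ALB subnet reach the internet through the IGW.
resource "aws_route_table" "ngfw_subnet" {
  vpc_id = var.vpc_id
}
resource "aws_route" "ngfw_to_igw" {
  route_table_id         = aws_route_table.ngfw_subnet.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = var.igw_id
}
resource "aws_route_table_association" "ngfw_subnet" {
  subnet_id      = var.ngfw_subnet_id
  route_table_id = aws_route_table.ngfw_subnet.id
}

# Step 4 return path: the ALB subnet's default route points back at the NGFW
# endpoint, so replies are inspected too and the flow stays symmetric.
resource "aws_route_table" "alb_subnet" {
  vpc_id = var.vpc_id
}
resource "aws_route" "alb_to_ngfw" {
  route_table_id         = aws_route_table.alb_subnet.id
  destination_cidr_block = "0.0.0.0/0"
  vpc_endpoint_id        = var.ngfw_endpoint_id
}
resource "aws_route_table_association" "alb_subnet" {
  subnet_id      = var.alb_subnet_id
  route_table_id = aws_route_table.alb_subnet.id
}
```

If the ALB subnet's default route points at the internet gateway instead of the endpoint, replies bypass inspection and the firewall sees only half of each session; verify both route tables after deployment.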