Cloud NGFW for AWS
    : Cloud NGFW for AWS Distributed Deployments
    Focus
    Download PDF
    Focus
    1. Home
    2. AWS
    3. Cloud NGFW for AWS
    4. Cloud NGFW Resource and NGFW Endpoints
    5. Direct Traffic to Cloud NGFW for AWS
    6. Cloud NGFW for AWS Distributed Deployments
    Download PDF

    Cloud NGFW for AWS

    Cloud NGFW for AWS Distributed Deployments

    Table of Contents

    Cloud NGFW for AWS Distributed Deployments

    In a distributed deployment, each VPC that requires protection has its own NGFW. This deployment method is less complicated and, therefore, reduces the chance of misconfiguration.
    For additional examples of distributed deployments, see Cloud NGFW for AWS Deployment Architectures.

    Distributed East-West (intra-VPC)

    1. Traffic from the source instance is routed to the NGFW endpoint and on to the NGFW for inspection.
    2. If the traffic is allowed, the NGFW endpoint sends the traffic on to the destination.

    Distributed Outbound

    1. Traffic from the source instance is routed to the NGFW endpoint and on to the NGFW for inspection.
    2. If the traffic is allowed, the NGFW endpoint sends the inspected traffic to the NAT gateway.
    3. The NAT gateway sends the traffic to the internet gateway.
    4. The traffic continues to the internet and the destination.

    Distributed Inbound

    1. Traffic from the source arrives at the internet gateway.
    2. The internet gateway routes the traffic to the NGFW endpoint and then to the NGFW for inspection.
    3. If the traffic is allowed, the NGFW endpoint routes the traffic to the application load balancer.
    4. The application load balancer forwards the traffic to the destination.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.