In a centralized deployment, a dedicated security VPC provides a central approach
to managing access control and threat prevention for the Inbound, Outbound,
and East-West traffic of your VPCs. You must specify the security
VPC and subnet(s) when configuring Cloud NGFW. The NGFW endpoints
are created and deployed in the specified VPC and subnets. You must
then configure route rules on the application VPCs and the TGW to redirect
traffic to the security VPC for inspection, as well as route rules
for return traffic.
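
The route rules described above can be checked offline before they are applied. The following is an added example, not part of the original documentation or of Cloud NGFW: it traces East-West traffic through a set of route tables and reports whether both directions pass through the NGFW endpoint. The route-table layout, every name (`app1`, `sec-attach`, `ngfw-endpoint`, and so on) and every CIDR are assumptions constructed for illustration.

```python
import copy
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (cidr, target) pairs; None if nothing matches."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(c), t) for c, t in routes
            if ip in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(cfg, src_vpc, dst):
    """List the route targets a packet hits on its way from src_vpc to dst."""
    hops, table, att = [], cfg["subnet_rt"][src_vpc], src_vpc
    for _ in range(8):                      # guard against routing loops
        target = lookup(table, dst)
        hops.append(target)
        if target == "tgw":
            # The TGW consults the route table associated with the ingress attachment.
            att = lookup(cfg["tgw_rt"][att], dst)
            hops.append(att)
            if att is None:
                break
            table = cfg["subnet_rt"]["sec-attach" if att == "security" else att]
        elif target == "ngfw-endpoint":
            table = cfg["subnet_rt"]["sec-endpoint"]   # post-inspection hop
        else:                               # "local" (delivered) or None (dropped)
            break
    return hops

def inspected(cfg, src_vpc, dst):
    """True only if the packet is delivered and crossed the NGFW endpoint."""
    hops = trace(cfg, src_vpc, dst)
    return hops[-1] == "local" and "ngfw-endpoint" in hops

# Constructed topology; every name and CIDR below is hypothetical.
GOOD = {
    "subnet_rt": {
        "app1": [("10.1.0.0/16", "local"), ("0.0.0.0/0", "tgw")],
        "app2": [("10.2.0.0/16", "local"), ("0.0.0.0/0", "tgw")],
        "sec-attach": [("0.0.0.0/0", "ngfw-endpoint")],   # redirect into the NGFW
        "sec-endpoint": [("10.0.0.0/8", "tgw")],          # return path after inspection
    },
    "tgw_rt": {
        "app1": [("0.0.0.0/0", "security")],
        "app2": [("0.0.0.0/0", "security")],
        "security": [("10.1.0.0/16", "app1"), ("10.2.0.0/16", "app2")],
    },
}
# Misconfiguration: a more specific TGW route lets app1 reach app2 directly.
BAD = copy.deepcopy(GOOD)
BAD["tgw_rt"]["app1"].append(("10.2.0.0/16", "app2"))
```

With `BAD`, traffic from `app1` to `app2` skips the security VPC while the reply is still redirected through it, so the firewall sees only one direction of the flow.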