Cloud NGFW for AWS Isolated Deployment Model

Cloud NGFW for AWS isolated deployment model.
An isolated deployment model enables Cloud NGFW for AWS to secure traffic in multiple AWS VPCs. With this model you can share the Cloud NGFW resource across multiple VPCs in different AWS accounts.

Ingress/Egress Traffic Inspection

Ingress traffic:

  1. The Internet Gateway (IGW) forwards traffic destined for the public IP of the Application Load Balancer (ALB) to the ALB.
  2. Per the ALB subnet route table, any traffic going to the target group (workloads on EC2) is forwarded to the NGFW endpoint.
  3. The endpoint transparently sends the traffic to the firewall resource for inspection.
  4. If the traffic is allowed, the firewall resource sends the traffic back to the endpoint after inspection.
  5. Per the firewall subnet route table, traffic is forwarded to the workload servers.

Egress traffic:

  1. Traffic initiated from an EC2 instance and destined for the internet is first forwarded to the NGFW endpoint.
  2. The endpoint transparently sends the traffic to the Cloud NGFW resource for inspection.
  3. If the traffic is allowed, the firewall resource sends the traffic back to the endpoint after inspection.
  4. Per the firewall subnet route table, traffic is forwarded to the NAT gateway.
  5. Traffic is forwarded to the internet gateway in accordance with the NAT gateway route table.
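Both flows depend on the subnet route tables sending traffic to the NGFW endpoint before anything else, so a more-specific route pointing at an IGW or NAT gateway silently skips inspection. The following is an added example (not code from the Cloud NGFW documentation or product) that checks route tables in the shape returned by EC2 describe-route-tables for the routes the steps above rely on; the sample tables, CIDRs and resource IDs are constructed and the field names are an assumption.

```python
from ipaddress import ip_network

# Constructed sample values (not from the page); field names follow the
# describe-route-tables shape (assumed).
VPC_CIDR = "10.0.0.0/16"
WORKLOAD_CIDR = "10.0.2.0/24"

# Destinations each subnet's route table must steer to the NGFW endpoint, per the
# flow above: ALB subnet -> workloads (ingress step 2), workload subnet -> internet (egress step 1).
MUST_INSPECT = {"alb": [WORKLOAD_CIDR], "workload": ["0.0.0.0/0"]}

def route_target(route):
    """Classify a route's target; endpoint routes may appear under either key."""
    tid = route.get("VpcEndpointId") or route.get("GatewayId") or route.get("NatGatewayId") or ""
    for prefix, kind in (("vpce-", "endpoint"), ("nat-", "nat"), ("igw-", "igw")):
        if tid.startswith(prefix):
            return kind
    return "local" if tid == "local" else "other"

def find_bypasses(route_tables):
    """Return (role, destination, reason) for each missing endpoint route and for
    each route that, by longest-prefix match, would carry protected traffic past
    the endpoint straight to an IGW or NAT gateway."""
    findings = []
    for role, protected in MUST_INSPECT.items():
        routes = route_tables.get(role, [])
        for dest in protected:
            if not any(r.get("DestinationCidrBlock") == dest and route_target(r) == "endpoint" for r in routes):
                findings.append((role, dest, "no route to NGFW endpoint"))
            for r in routes:
                cidr, kind = r.get("DestinationCidrBlock"), route_target(r)  # IPv6 routes skipped
                if cidr and kind in ("igw", "nat") and ip_network(cidr).subnet_of(ip_network(dest)):
                    findings.append((role, cidr, f"bypasses endpoint via {kind}"))
    return findings

def firewall_subnet_ok(routes):
    """Egress step 4: the firewall subnet's default route must hand traffic to the NAT gateway."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and route_target(r) == "nat" for r in routes)

SAMPLE_TABLES = {  # constructed to match the flow described above
    "alb": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
            {"DestinationCidrBlock": WORKLOAD_CIDR, "VpcEndpointId": "vpce-0ngfwexample"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}],
    "workload": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                 {"DestinationCidrBlock": "0.0.0.0/0", "VpcEndpointId": "vpce-0ngfwexample"}],
    "firewall": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                 {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}],
}
```

Run `find_bypasses` over the real tables pulled from each account that hosts an endpoint; an empty result means every protected destination has its endpoint route and no narrower route undercuts it.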
