Firewall Network Design Patterns

1. Hybrid with TGW

FireNet supports AWS Transit Gateway (TGW), as shown below.

firenet_transit

2. Hybrid with Insane Mode

FireNet supports AWS Transit (TGW) with Insane Mode,

firenet_insane

3. Native TGW integration

In the Release 4.6, the hybrid deployment can be using native AWS Direct Connect Gateway.

firenet

4. Multi Region Transit with Native TGW integration

Connect to on-prem with AWS DXGW and use Aviatrix Edge gateway to connect to multiple regions.

multi_region_firewall

5. Multi Region Transit with Aviatrix Edge

Connect to on-prem with an Aviatrix Edge gateway for both hybrid and multi regions.

multi_region_aviatrix_edge

6. Two Firewall Networks

You can deploy two Firewall Networks, one dedicated for VPC to VPC traffic inspection and another for Egress inspection.

Note you must follow the configuration sequence below:

  1. Disable the Traffic Inspection of the FireNet domain intended for Egress control.
  2. Enable Egress Control for FireNet domain intended for Egress control.
  3. Build connection policies.

multi_firewall

7. Ingress Traffic Inspection

Follow the Ingress firewall instructions to deploy the solution for Ingress traffic inspection.

ingress_firewall

8. Aviatrix FQDN in FireNet for Egress Control

fqdn_in_firenet