Hello Everyone,
I am exploring options to route on-premises internet traffic through an Aviatrix NAT Gateway. Currently, we are using a third-party firewall deployed on AWS to handle NAT for our on-premises traffic.
I would like to know if it is feasible to replace the existing third-party firewall with an Aviatrix NAT Gateway for this purpose. Any insights, recommendations, or experiences with such a setup would be greatly appreciated.
Thank you in advance!
Best answer by MohammedBanabila
on premise you can use aviatrix security edge which act as a spoke. you can enable Nat feature for internet traffic.
aviatrix security edge has 3 interfaces
wan interface(eth0) = which connect to your on-premises Wan router
Lan interface(eth1) = which connect to network infrastructure of on premise by Bgp session
management interface(eth2) = which connect to your controller
you can integrate with Equinix and megaport platform for hybrid connectivity
reference links: for enabling Nat and hybrid connectivity with aviatrix edge
https://docs.aviatrix.com/documentation/latest/network/snat-dnat-settings.html
https://docs.aviatrix.com/previous/documentation/v7.0/planning-secure-networks/edge-use-cases.html
https://docs.aviatrix.com/previous/documentation/v7.0/planning-secure-networks/edge-design-patterns.html
https://docs.aviatrix.com/previous/documentation/v7.0/deploying-secure-networks/edge-equinix-workflow.html
https://docs.aviatrix.com/previous/documentation/v7.0/deploying-secure-networks/edge-2.0-workflow.html
+5yes, you can do that. to control ingress or egress traffic flow to/from on-premises . and cost optimize by not using cloud provider Nat gateways which add security and visibility to hole traffic flow path.
Aviatrix Cost-Effective NAT Gateway | Aviatrix
Cut NAT Gateway Costs While Enhancing Security
Thanks for your sharing. Currently we are using Aviatrix NAT Gateway Solution on Our Cloud Environment. I want to setup our on-premise internet traffic through AVX NAT Gateway. If we can setup this, could you please share some information. Thanks.
+5on premise you can use aviatrix security edge which act as a spoke. you can enable Nat feature for internet traffic.
aviatrix security edge has 3 interfaces
wan interface(eth0) = which connect to your on-premises Wan router
Lan interface(eth1) = which connect to network infrastructure of on premise by Bgp session
management interface(eth2) = which connect to your controller
you can integrate with Equinix and megaport platform for hybrid connectivity
reference links: for enabling Nat and hybrid connectivity with aviatrix edge
https://docs.aviatrix.com/documentation/latest/network/snat-dnat-settings.html
https://docs.aviatrix.com/previous/documentation/v7.0/planning-secure-networks/edge-use-cases.html
https://docs.aviatrix.com/previous/documentation/v7.0/planning-secure-networks/edge-design-patterns.html
https://docs.aviatrix.com/previous/documentation/v7.0/deploying-secure-networks/edge-equinix-workflow.html
https://docs.aviatrix.com/previous/documentation/v7.0/deploying-secure-networks/edge-2.0-workflow.html
Dear Mohammed Banabila,
Thank you for sharing the documentation—it has been very helpful. I would like to confirm one detail: If I intend to use the Edge Gateway for Internet traffic, is it necessary to also utilize the Aviatrix Transit Gateway?
I appreciate your clarification on this matter.
.
+5when you deploy the edge gateway to your on-premises, it requires you to do attachment edge gateway with aviatrix transit gateway. through Copilot dashboard. the controller will do management of the traffic, also
the routes from edge gateway at on-premises to your cloud provider infrastructure. which the traffic be encrypted by high performance encryption that be end to end encryption to/from on-premises
https://docs.aviatrix.com/previous/copilot/v4.3/building-your-network/edge-connectivity.html
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.