Getting Started
ACE Resources
- - Knowledge Base
Events
Groups

Home
Community
Technical Forum
Security

Security

Open forum dedicated to network security, governance, compliance, and risk management

8 Topics
6 Replies

When you subscribe we will email you when there is a new topic in this category

8 Topics

Recently active

Most replies Most views Newest first

HaroCadet

Asked in Security

Anyone attending Gartner Security Summit?

Hi All! Please let me know if you or any of your colleagues are planning to attend the Gartner Security and Risk Summit in DC on June 6-8. We’re organizing a group dinner where our head of product solutions will be sharing the latest on cloud security. It would be great to see you there!

Okey_ChimehCadet

Asked in Security

Security Integrations

Does Aviatrix have integration capability with WAFs (e.g. Impervia & Akamai) & Endpoint Security Solutions (e.g. Crowdstrike & Symantec) If yes, can a single set of instances in a Firenet serve VMs across multiple clouds If no, are they on the roadmap & is there a set timeline?

Mark_NoormanCadet

Asked in Security

Let's Encrypt for Controller SSL?

Hi everyone, I have an Aviatrix Controller deployed and would like to secure browser access with an SSL certificate. Let's Encrypt seems like an easy and cost effective method, however in order to use it I need SSH access to the Controller, which is disabled. If there's anyone that has successfully implemented this I'd love to hear the details! Thanks,   Mark

Rohan_AcharekarCadet

Asked in Security

Azure Firewall

In video lectures it is mentioned that Azure native firewall do not have support for DPI, IDS or IPS but on azure website they it says it has IDS and IPS support. please refer the link below.   What should be our answer if the question comes on support of IDS and IPS feature of Azure native firewall? https://azure.microsoft.com/en-in/services/azure-firewall/

Nabeeha_AliCadet

published in Security

Firewall Network (FireNet) FAQs

What is the difference between the firewall network and the Transit FireNet? The Firewall Network is when we insert the firewall in the AWS TGW. Transit FireNet is when we insert a firewall in the Aviatrix Transit VPC/VNet, which works in all clouds.  Who programs the TGW to send traffic to the appropriate FW? Aviatrix Controller will orchestrate VPC and TGW routes to send traffic to Aviatrix Gateways in the Firewall Network VPC. From there, Aviatrix Gateways will load balance traffic between available FWs.  Can you have more than one HA pair of FireNet systems sitting with the Transit Gateway for further bandwidth? Absolutely, Aviatrix supports up to 10 Firewall instances per AZ (20 per Transit FireNet VPC) in AWS, for example.  Do the Transit Gateways and FireNet systems have the ability to handle Malicious IP filtering and IDS/IPS? Yes, this is handled by the Aviatrix Gateways (Transit, Spoke, and Standalone) and part of the data plane. This is called Av

Nabeeha_AliCadet

Asked in Security

FQDN/URL Based Egress Filtering FAQs

Is application-based filtering possible?     Aviatrix Egress FQDN can filter the traffic based on Layer 7 (L7) FQDN, IP, or even with wildcard FQDN. One can also use NGFW with Aviatrix FireNet solution to provide deeper level filtering if needed. Are there any 3rd party plug-ins for the FQDN filters?  ie. DNS filtering based on domain classification? No, but you can import your filters. Does the controller identify URLs on the basis of families? How do we redirect the DNS request to Aviatrix FQDN Engine? The Aviatrix Gateway replaces the native NAT GW and not only provides NAT but also advanced filtering capabilities using the L7 FQDN. Aviatrix Controller automatically programs all necessary VPC/VNET routes to redirect traffic towards the Egress GW for Internet bound traffic. Will the DNS get resolved with the packet dropped based on the data plane’s traffic? Yes. The DNS will be resolved the way it is today, but when traffic hits the Aviatrix Gatew

Nabeeha_AliCadet

Asked in Security

High Performance Encryption (HPE) FAQs

In HPE environments, as you are bundling IPsec tunnels to achieve greater overall throughput, are you still limited to 1.25 Gbps per session/flow? Or do you perform some form of per packet load-sharing across the available tunnels? 1- We are building multiple IPSec tunnels.  2- We do have tech. beyond just building simple tunnels. So no, we are not limited to just 1.25 Gbps per session/flow.  Can we get 70Gbps with a single gateway? This is cumulative throughput and depends on the size of the gateway and whether you enable HPE or not. How do you accomplish high performance encryption on the Direct Connect/peering links? It is done using our technology called HPE (High Performance Encryption, AKA, Insane Mode Encryption).  For HPE, is it bundling multiple VPN's or a single VPN with 10Gbps throughput?     Check out this document for more information: https://docs.aviatrix.com/HowTos/insane_mode.html?highlight=HPE How is the Aviatrix

Shveta_ShahiCadet

Asked in Security

How do I overcome the 60 IP limit per Security Group in AWS?

The problem: The number of inbound or outbound rules per security group in amazon is 60. Reference. From the inbound perspective, this is not a big issue because if your instances are serving customers on the internet, then your security group is wide open; on the other hand, if you want to allow access only from a few internal IPs, then the 60 IP limit is sufficient. However, outbound or egress traffic is a different discussion. Let's say you have a production instance that needs updates from updates.ubuntu.com ( 15 IPs) and a few other repositories like GitHub (12 IPs), and perhaps a third party partner. You can quickly realize that 60 IPs are not enough. The solution: Aviatrix solution to this problem is the Secure Cloud Egress with FQDN that allows you to specify filters using Fully Qualified Domain Name of the destinations that your instances are allowed to reach. This simplifies the management as you only introduce FQDN such as update.ubuntu.com or github.com to

Recently Awarded Badges

volker.lenghas earned the badge Aviatrix Certified Engineer
m.schnablhas earned the badge Aviatrix Certified Engineer
Lionelhas earned the badge Aviatrix Certified Engineer
d.capanohas earned the badge Aviatrix Certified Engineer
maximilian.aschenbrennerhas earned the badge Aviatrix Certified Engineer

Show all badges

Powered by Gainsight

Terms & Conditions

Sign up

Already have an account? Login

Login with SSO

Login with LinkedIn

or

Username *

E-mail address *

Password *

I accept the terms & conditions

loginBox.register.email_repeat

Login to the community

No account yet? Create an account

Login with SSO

Login with LinkedIn

or

Username or Email

Password

Remember me

Forgot password?

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

OK

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

OK