Cloud-Networking

GCP FireNet

Introduction: Aviatrix Firewall Network Services (FireNet) simplifies next-generation firewall (NGFW) insertion and operations. FireNet is a scale-out architecture for inserting NGFWs into the cloud transit layer. Some of the highlights: simple deployment with automatic route propagation to the firewalls; advanced egress, IDS, IPS and ingress security; maximized performance, scale and visibility …


Aviatrix Kickstart – Spin up Cloud Networks in Minutes – UI Mode

Kickstart deploys cloud and multi-cloud networks in minutes with minimal effort. Once the hub/spoke transit network is built in the cloud, it acts as the core networking layer onto which more use cases can be added later. The lightweight automation script deploys an Aviatrix controller and an Aviatrix transit architecture in AWS (and …


LAB5 – Bring Your Own IP/Subnet in GCP (Overlapping IP)

Objective: ACE Enterprise in GCP wants to connect to different partners to consume SaaS services. These partners may sit in a physical data center or branch, or in a VPC/VNet in a cloud such as GCP, AWS or Azure. ACE cannot dictate or control the IP addressing (subnets/CIDRs) those partners have configured and must support "Bring Your Own IP", which might overlap with …
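The two checks an engineer needs before connecting a partner whose addressing is outside their control are "does this range collide with ours?" and "if so, what equal-sized range do we present it as?". The following is an added example written for this page, not Aviatrix code or ACE's real address plan: it detects overlaps between constructed enterprise and partner CIDRs, carves a same-size mapped range out of an assumed NAT pool (100.64.0.0/16), and performs the static 1:1 address translation that a mapped-NAT design relies on.

```python
import ipaddress
from typing import Dict, List

# Constructed address plan for the demonstration (not ACE's real ranges).
OUR_CIDRS = ["10.0.0.0/16", "10.1.0.0/16"]
PARTNER_CIDRS = {"partnerA": "10.0.5.0/24", "partnerB": "172.16.0.0/20"}
NAT_POOL = "100.64.0.0/16"  # assumed pool from which mapped ranges are carved


def find_overlaps(ours: List[str], partners: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {partner_name: [our CIDRs it collides with]} for every partner
    range that overlaps the enterprise plan; partners with no collision are omitted."""
    our_nets = [ipaddress.ip_network(c, strict=False) for c in ours]
    collisions: Dict[str, List[str]] = {}
    for name, cidr in partners.items():
        partner_net = ipaddress.ip_network(cidr, strict=False)
        hits = [str(o) for o in our_nets if o.overlaps(partner_net)]
        if hits:
            collisions[name] = hits
    return collisions


def allocate_mapped_range(partner_cidr: str, pool: str, in_use: List[str]) -> str:
    """Pick the first block of `pool` with the same prefix length as the partner
    range that overlaps nothing in `in_use`. A 1:1 mapping needs equal-size ranges."""
    partner_net = ipaddress.ip_network(partner_cidr, strict=False)
    pool_net = ipaddress.ip_network(pool, strict=False)
    used = [ipaddress.ip_network(c, strict=False) for c in in_use]
    if partner_net.prefixlen < pool_net.prefixlen:
        raise ValueError("partner range is larger than the NAT pool")
    for candidate in pool_net.subnets(new_prefix=partner_net.prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    raise ValueError("NAT pool exhausted")


def translate(addr: str, src_cidr: str, dst_cidr: str) -> str:
    """Static 1:1 translation: keep the host bits of `addr`, swap the network
    bits from `src_cidr` to `dst_cidr`. Works in either direction."""
    ip = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(src_cidr, strict=False)
    dst = ipaddress.ip_network(dst_cidr, strict=False)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("1:1 NAT requires equal-size ranges")
    if ip not in src:
        raise ValueError(f"{addr} is not inside {src_cidr}")
    host_bits = int(ip) - int(src.network_address)
    return str(dst.network_address + host_bits)


if __name__ == "__main__":
    collisions = find_overlaps(OUR_CIDRS, PARTNER_CIDRS)
    for name, hits in collisions.items():
        real = PARTNER_CIDRS[name]
        mapped = allocate_mapped_range(real, NAT_POOL, OUR_CIDRS)
        print(f"{name}: {real} collides with {hits}; present it as {mapped}")
        print(f"  partner host {translate('10.0.5.77', real, mapped)} <- 10.0.5.77")
```

Only partnerA collides (10.0.5.0/24 sits inside our 10.0.0.0/16); partnerB's 172.16.0.0/20 needs no translation. The reverse translation uses the same function with the CIDRs swapped, which is what the return path of the NAT has to do.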


LAB4 – GCP FQDN Based Egress Security

This lab demonstrates how to provide Fully Qualified Domain Name (FQDN) based egress filtering using Aviatrix. Only the FQDNs permitted by the configured policy are allowed; everything else is denied. Egress FQDN Filtering Overview: Aviatrix FQDN Egress is a highly available security service designed for workloads or applications in the public clouds. Aviatrix Egress …
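What "only the permitted FQDNs are allowed" means in practice depends on how names are matched, and the edge cases (apex vs. wildcard, case, trailing dot, raw IP destinations) are where allow-lists go wrong. The block below is an added example written for this page, not the Aviatrix implementation; the allow-list and the requested hostnames are constructed, and the wildcard semantics (a `*.suffix` rule matches exactly one extra label) are this example's choice, so check the product documentation for the filter you actually deploy.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Constructed allow-list for the demonstration, not a policy from the lab.
EGRESS_POLICY = ["*.github.com", "pypi.org", "files.pythonhosted.org"]


def normalize(host: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot; fold both."""
    return host.strip().rstrip(".").lower()


def is_ip_literal(host: str) -> bool:
    """A raw IPv4/IPv6 destination carries no FQDN for the policy to match."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def matches(rule: str, host: str) -> bool:
    """Exact rules match only themselves. A '*.suffix' rule matches exactly one
    extra label (api.github.com), not the apex (github.com) and not deeper
    names (evil.api.github.com). Assumed semantics for this example."""
    rule, host = normalize(rule), normalize(host)
    if rule.startswith("*."):
        suffix = rule[2:]
        if not host.endswith("." + suffix):
            return False
        prefix = host[: -(len(suffix) + 1)]
        return prefix != "" and "." not in prefix
    return rule == host


def evaluate(policy: Iterable[str], host: str) -> Tuple[str, str]:
    """Default deny: return ('ALLOW', matching_rule) or ('DENY', reason)."""
    if is_ip_literal(normalize(host)):
        return ("DENY", "ip-literal")
    for rule in policy:
        if matches(rule, host):
            return ("ALLOW", rule)
    return ("DENY", "no-match")


def filter_requests(policy: Iterable[str], hosts: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Run the policy over a batch of requested hostnames (host, verdict, detail)."""
    rules = list(policy)
    return [(h, *evaluate(rules, h)) for h in hosts]


if __name__ == "__main__":
    # Constructed requests, including the look-alike and bypass attempts a filter must reject.
    requests = ["api.github.com", "github.com", "evil.api.github.com", "PYPI.ORG.",
                "notpypi.org", "pypi.org.attacker.net", "140.82.112.3"]
    for host, verdict, detail in filter_requests(EGRESS_POLICY, requests):
        print(f"{verdict:5} {host:28} {detail}")
```

Two of the denials are worth noting: `pypi.org.attacker.net` fails because exact rules never match as a suffix, and `140.82.112.3` fails even though it may be a GitHub address, because an FQDN filter has nothing to match when the client never resolved a name. Whether a deployment should additionally allow such IP-only flows is a policy decision, not something the matcher can infer.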


LAB3 – GCP Multi-Cloud Network Segmentation (MCNS)

Network segmentation is one of several methods used to meet security compliance and audit requirements, and is a critical business requirement in its own right. Aviatrix MCNS is how many customers achieve it. So far we have built the following topology. Our objective in this lab is to segment …


Aviatrix’s Check Point CloudGuard Related Features

Aviatrix has developed many features for its firewall partners to help customers achieve compliance, lower TCO and meet application security needs. The following table lists some of the important features for a Check Point CloudGuard deployment. Some are specific to Check Point, and others are applicable …


Cloud to On Premise Data Center Active/Standby Firewall Design and Deployment

Problem Statement: As enterprises move their applications into the cloud, the best practice is to deploy their virtual NGFWs in the cloud using Aviatrix's active/active, centralized, cost-optimized and policy-based firewall service insertion (FireNet), as shown in the following diagram. Some enterprises want to keep using their on-premises physical NGFW until …


GCP High Performance Encryption

Throughput by Aviatrix gateway VM type:

Aviatrix Gateway VM Type    Throughput
n1-highcpu-4                 3.12 Gbps
n1-highcpu-8                 6.54 Gbps
n1-highcpu-16               11.58 Gbps
n1-highcpu-32               19.97 Gbps

How does Aviatrix GCP HPE work? Aviatrix HPE uses native VPC peering and multiple tunnels to provide higher throughput. GCP HPE can also work with a /24 subnet scheme. The controller builds the native peering. GCP Transit Gateway Details: the following is the output from the Aviatrix …


Install BlockChain Quorum Node on AWS EC2 Instance

Prerequisites:
GoQuorum installed
Tessera
A running network

Install GoQuorum

[ec2-user@ip-10-101-91-122 ~]$ sudo yum update
[ec2-user@ip-10-101-91-122 ~]$ sudo yum install git
[ec2-user@ip-10-101-91-122 ~]$ sudo yum install go
[ec2-user@ip-10-101-91-122 ~]$ sudo git clone https://github.com/ConsenSys/quorum.git
Cloning into 'quorum'...
remote: Enumerating objects: 11, done.
remote: Counting objects: 100% (11/11), done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 99524 (delta 4), …


Deploying BlockChain Quorum on AWS EC2 Instance

Introduction: Quorum is an enterprise blockchain platform. It is a privacy-centric fork of the Ethereum client "geth" with several protocol-level enhancements to support enterprise business needs, and is an open-source project. The very nature of a blockchain or distributed ledger provides a secure, shared platform for decentralized applications (DApps) and data. It is cryptographically secure, auditable …


GCP Shared VPC Transit Design and Deploy For Enterprises

Introduction: GCP Shared VPC allows an organization to share its VPC network (more precisely, selected subnets of it) from one project (the host project) with other projects (service or tenant projects). When you enable Shared VPC in a project "X", you designate project "X" as a host project. Now you can attach one …


Aviatrix Spoke GW and Workload VMs in Same GCP Shared VPC Subnets

This pattern is better suited to small deployments, PoCs or lab setups where the networking is kept very simple. The Aviatrix transit GW is deployed inside the host project. The Aviatrix spokes are also deployed inside the host project, but the VPC network (subnet) is shared with the service/tenant project. This same shared VPC network (subnet) …


Onboarding GCP Project in Aviatrix Controller with Restricted Access

Problem Statement: By default the Compute Engine default service account is granted the project-wide Editor role, which is far more permission than a network controller needs. Here is how you can see the problem yourself. Create a new GCP project. Look at the "Service Accounts" area and notice that there is no account there yet. Enable the Compute API for the PCI service project. Default GCP Service Account …
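Spotting the over-broad grant in the console once is useful; checking every onboarded project for it is what an engineer actually needs. The block below is an added example, not Aviatrix code: it audits an IAM policy document for bindings that give the Compute Engine default service account (named `<project-number>-compute@developer.gserviceaccount.com`) one of the basic roles. The policy JSON is a constructed stand-in for what `gcloud projects get-iam-policy PROJECT --format=json` prints; the project ID, project number and principals in it are made up.

```python
import json
import re
from typing import Dict, List

# Basic (primitive) roles apply project-wide and are far broader than any workload needs.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
# Compute Engine default service account: <project-number>-compute@developer.gserviceaccount.com
DEFAULT_COMPUTE_SA = re.compile(
    r"^serviceAccount:(\d+)-compute@developer\.gserviceaccount\.com$")

# Constructed stand-in for `gcloud projects get-iam-policy <PROJECT> --format=json`.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/editor",
         "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com",
                     "user:alice@example.com"]},
        {"role": "roles/viewer",
         "members": ["group:auditors@example.com"]},
        {"role": "roles/compute.networkAdmin",
         "members": ["serviceAccount:aviatrix-ctrl@pci-service.iam.gserviceaccount.com"]},
    ],
    "etag": "BwXyz123",
    "version": 1,
})


def audit_policy(policy_json: str) -> List[Dict[str, str]]:
    """Return one finding per binding of a basic role to the default compute SA."""
    policy = json.loads(policy_json)
    findings: List[Dict[str, str]] = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            match = DEFAULT_COMPUTE_SA.match(member)
            if match and role in BASIC_ROLES:
                findings.append({"member": member, "role": role,
                                 "project_number": match.group(1)})
    return findings


def remediation_commands(project_id: str, findings: List[Dict[str, str]]) -> List[str]:
    """gcloud commands that remove each over-broad binding (review before running)."""
    return [f"gcloud projects remove-iam-policy-binding {project_id} "
            f"--member={f['member']} --role={f['role']}" for f in findings]


if __name__ == "__main__":
    found = audit_policy(SAMPLE_POLICY)
    for f in found:
        print(f"FINDING: {f['member']} has {f['role']}")
    for cmd in remediation_commands("pci-service", found):  # constructed project ID
        print(cmd)
```

The audit flags only the default compute account, so the least-privilege Aviatrix service account bound to `roles/compute.networkAdmin` in the sample passes. Removing the binding fixes projects that already exist; to stop the grant from happening when a new project enables the Compute API, the organization policy constraint `iam.automaticIamGrantsForDefaultServiceAccounts` can be enforced at the organization or folder level.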


GCP Least Privileged Service Account for Aviatrix

The Aviatrix controller provides a unified control and management plane for Google Cloud. It allows enterprises to onboard hundreds of GCP projects into the controller; once onboarded, the controller manages networking and security across those projects. On the Aviatrix documentation page, one of the options is to use the …


Aviatrix Ingress Filtering Deployment with AWS ALB (Application Load Balancer)

This setup requires only a single VPC for testing purposes:
The Aviatrix ingress filtering gateway (aka public subnet filter, PSF) is deployed in the public subnet.
An external ALB is deployed in the same public subnet as the AVX-PSF-GW.
The WordPress app was launched in the non-routable private subnet (vpc2-subnet1).
Bonus: testing with an internal ALB. A test Windows EC2 instance was launched in a …


Aviatrix Kickstart – Spin up Cloud Networks in Minutes – CLI Mode

Kickstart deploys cloud and multi-cloud networks in minutes with minimal effort. Once the hub/spoke transit network is built in the cloud, it acts as the core networking layer onto which more use cases can be added later. The lightweight automation script deploys an Aviatrix controller and an Aviatrix transit architecture in AWS (and optionally …


Check Point CloudGuard IaaS in AWS with Quick Failover

Introduction: Aviatrix release 6.0 introduced the Firewall Instances Health Check Enhancement. This enhancement checks a firewall instance's health by pinging its LAN interface from the connected Aviatrix FireNet gateway. The alternative is to check health through the firewall's management interface. An ICMP health check against the firewall LAN interface, the interface that actually carries the traffic, improves both failure detection time and detection accuracy. This …
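The two properties claimed for the LAN-interface check, faster detection and fewer false failovers, come from the same mechanism: a short probe interval combined with a consecutive-miss threshold. The block below is an added illustration written for this page, not Aviatrix's health-check code, and the probe outcomes are a constructed sequence standing in for real ICMP echo results (one transient lost echo, then a genuine outage, then recovery). The thresholds are assumptions chosen for the demonstration.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class LanHealthCheck:
    """Consecutive-miss / consecutive-reply hysteresis over periodic probes."""
    interval_s: float = 1.0      # seconds between probes of the firewall LAN interface
    fail_threshold: int = 3      # misses in a row before the firewall is marked DOWN
    recover_threshold: int = 2   # replies in a row before it is marked UP again
    state: str = "UP"
    transitions: List[Tuple[float, str]] = field(default_factory=list)
    _misses: int = 0
    _replies: int = 0

    def observe(self, t: float, replied: bool) -> str:
        """Feed one probe result taken at time t; return the resulting state."""
        if replied:
            self._replies += 1
            self._misses = 0
            if self.state == "DOWN" and self._replies >= self.recover_threshold:
                self.state = "UP"
                self.transitions.append((t, "UP"))
        else:
            self._misses += 1
            self._replies = 0
            if self.state == "UP" and self._misses >= self.fail_threshold:
                self.state = "DOWN"
                self.transitions.append((t, "DOWN"))
        return self.state


# Constructed probe outcomes: one dropped echo at index 2 (transient loss),
# a real outage from index 10 to 19, replies again from index 20.
PROBES = [True, True, False] + [True] * 7 + [False] * 10 + [True] * 5
OUTAGE_START_INDEX = 10


def simulate(probes: List[bool], interval_s: float, fail_threshold: int = 3,
             recover_threshold: int = 2) -> List[Tuple[float, str]]:
    """Replay the probe sequence at the given interval and return state changes."""
    hc = LanHealthCheck(interval_s, fail_threshold, recover_threshold)
    for i, replied in enumerate(probes):
        hc.observe(i * interval_s, replied)
    return hc.transitions


def detection_delay(probes: List[bool], interval_s: float, fail_threshold: int = 3) -> float:
    """Seconds from the first missed probe of the outage to the DOWN decision."""
    down_times = [t for t, s in simulate(probes, interval_s, fail_threshold) if s == "DOWN"]
    return down_times[0] - OUTAGE_START_INDEX * interval_s


if __name__ == "__main__":
    for interval in (1.0, 5.0):
        print(f"interval {interval}s: transitions {simulate(PROBES, interval)}, "
              f"detected after {detection_delay(PROBES, interval)}s")
```

With a 1 s interval the outage is declared after 2 s (three misses), while the single lost echo early in the sequence never trips the threshold; stretching the interval to 5 s leaves the logic unchanged but pushes detection out to 10 s, which is the cost a slower management-plane style probe pays.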
