Egress FQDN Discovery

Discover what Internet sites your apps visit before you configure Egress FQDN Filter.


If you already know the sites you apps visit or the FQDN names you need to apply, skip the Discovery step.

Go to Security > Egress Control > Egress FQDN Discovery. Select a gateway from the dropdown menu and click Start. The monitoring will start, click Show at any time to see the captured destination sites. Click Stop to stop the entire Discovery process.


When you click Start, the Controller will automatically enable SNAT function on the gateway. The Controller looks for all private subnets in the VPC/VNet and replaces any > NAT Gateway to instead point to the Aviatrix Gateway.


During the Discovery step, the Exception Rule must be enabled (the checkbox should be marked, which is the default setting).


When you click Stop, the VPC/VNet private route table entry for the default route ( will be restored to its previous setting.


While the Discovery is in progress, click Show at any time to see the captured destination sites.


Click Download during or after the Discovery, the destination list will be downloaded. You can later import the list to configure the FQDN Filter.

Note that if a gateway is already attached to a FQDN tag, you cannot run the Discovery process, but you can view FQDN results immediately by going to Step 4, Egress FQDN View Log.