Monitoring Egress Traffic

If you configured Egress (in Aviatrix Controller or CoPilot) prior to Controller 7.1/CoPilot 3.11, you continue to configure rules in the Aviatrix Controller using the legacy Egress solution. A Spoke Gateway that already has FQDN enabled via legacy Egress in the Controller cannot be used in your Distributed Cloud Firewall configuration.

For more information on configuring the legacy Egress solution, go here.

You access the Egress page from CoPilot > Security > Egress or by typing Egress in the navigation search.

The Overview tab shows you the following information for the egress traffic rules you configured:

  • The top egress rules hit

  • The top attempted Internet domains

  • The top source IPs of users/applications/workloads that are attempting Internet access

  • The VPC/VNets that have the top usage (in %) of Internet-bound egress traffic

The Monitor tab shows egress FQDN data. You can also view real-time logs for egress traffic by selecting the Live View option. You can display and download these logs.

To view egress results for specific VPC/VNet(s), you can navigate to the Egress VPC/VNets tab and specify the VPC/VNet(s) you are interested in. The table will then be populated with the results.

On the Transit Egress tab, you can enable Egress on Transit gateways.

For information about how to configure egress traffic rules, see Implementing Egress in an Aviatrix-Managed Network.