Extending Distributed Cloud Firewall to your Network Edge
Distributed Cloud Firewall (DCF) allows you to define granular policies for distributed applications in the cloud. In addition to Network Segmentation Domains, you can use DCF as an additional security layer to allow or deny network traffic from cloud and on-premise. You can create DCF policy rules that specify which cloud resources and on-premise CIDRs can communicate with each other, either within a Network Segmentation Domain or as a policy created outside a segmentation domain. These policies are then enforced at the edge by the Aviatrix Secure Edge Gateway.
Distributed Cloud Firewall extended to the edge offers these key benefits:
- Aviatrix Distributed Cloud Firewall integration with Aviatrix Secure Edge.
- Allows you to leverage security built into the Aviatrix Secure Edge to filter traffic between LAN segments and CSP resources.
- Provides cloud to edge and advanced threat filtering capabilities.
- Allows you to manage and operate DCF from cloud and deploy with cloud automation.
To create DCF policy rules, follow these steps:
- Create the SmartGroups for the applications in the cloud and on-premise, so that traffic between these SmartGroups can be filtered.
- After you create the SmartGroups, create the DCF rules to allow or deny network traffic flow between the SmartGroups.
You can define a SmartGroup by specifying CSP tags, webgroups, and CIDRs. SmartGroups for the network edge are defined using CIDRs. Aviatrix Secure Edge enforces the policy by using the SmartGroups and filtering traffic based on the DCF rules that are defined for them.
To learn more about creating SmartGroups and DCF policies, see Implementing Distributed Cloud Firewall in an Aviatrix-Managed Network.
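The two steps above, written as a Terraform configuration. This is an added example and not part of the original Aviatrix page; it assumes the Aviatrix Terraform provider is already configured with Controller credentials. All names, the CIDR, the tag, the port and the priority values are constructed for illustration.

```hcl
terraform {
  required_providers {
    aviatrix = { source = "AviatrixSystems/aviatrix" }
  }
}

# Step 1a: on-premise SmartGroup. Edge SmartGroups are defined by CIDR.
resource "aviatrix_smart_group" "edge_lan" {
  name = "edge-branch-lan" # constructed name
  selector {
    match_expressions {
      cidr = "192.168.10.0/24" # constructed LAN segment behind the Edge Gateway
    }
  }
}

# Step 1b: cloud SmartGroup selected by CSP tag.
resource "aviatrix_smart_group" "cloud_app" {
  name = "cloud-app-tier" # constructed name
  selector {
    match_expressions {
      type = "vm"
      tags = { app = "orders" } # constructed tag
    }
  }
}

# Step 2: DCF rules between the two SmartGroups.
# Assumption: a lower priority value is evaluated first.
resource "aviatrix_distributed_firewalling_policy_list" "edge_to_cloud" {
  policies {
    name             = "edge-lan-to-app-https"
    action           = "PERMIT"
    priority         = 10
    protocol         = "TCP"
    src_smart_groups = [aviatrix_smart_group.edge_lan.uuid]
    dst_smart_groups = [aviatrix_smart_group.cloud_app.uuid]
    port_ranges { lo = 443 }
  }
  policies {
    name             = "edge-lan-to-app-deny-rest"
    action           = "DENY"
    priority         = 20
    protocol         = "ANY"
    logging          = true # record denied flows for review
    src_smart_groups = [aviatrix_smart_group.edge_lan.uuid]
    dst_smart_groups = [aviatrix_smart_group.cloud_app.uuid]
  }
}
```

Keeping the explicit deny rule with logging enabled gives an audit trail of edge traffic that falls outside the permitted flow, rather than relying on whatever default applies when no rule matches.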