Prerequisites

Before applying Distributed Cloud Firewall:

  • Your version of CoPilot must be 2.0 or greater.

  • Your version of Aviatrix Controller must be 6.7 or greater.

  • Gateways must have their image updated to version 6.7 or greater.

  • Network reachability should be configured between the VPCs that contain applications that require connectivity. You configure network reachability using Connected Transit/MCNS.

  • Enable Egress on the Spoke Gateways used in

  • If you plan to use cloud tags in your SmartGroups, cloud resources must be tagged appropriately.

  • If you want to use WebGroups in your Distributed Cloud Firewall configuration, you must have already created them.

Intrusion Detection

If you plan to enable Intrusion Detection in a Distributed Cloud Firewall policy, remember:

  • IDS cannot be applied to east-west traffic if HA VPC/VNets are being used.

  • IDS can work with HA for egress traffic.