Transit FireNet Settings
You can configure the following settings for each FireNet.
- Select a FireNet.
- Click the Settings tab.
- Configure the following for the selected FireNet:
Field | Description
---|---
Firewall Management Access | Advertise the Transit FireNet VPC/VNet CIDRs to on-prem. For example, if a firewall management console such as Palo Alto Networks Panorama is deployed on-prem, Panorama can reach the firewalls via their private IP addresses once this option is configured.
Static CIDR Egress | Allow egress to the Internet for a subnet of your IP address space from your on-prem data center. Static CIDR egress is supported on Aviatrix Transit and AWS Transit gateways. You can add up to 20 subnets.
Exclude from East-West Inspection (not visible for Egress FireNet) | FireNet inspects all East-West (VPC/VNet to VPC/VNet) traffic by default, but you may have an instance that you do not want inspected. The CIDRs listed here will not be subject to firewall policies or firewall policy errors. CIDRs are excluded from East-West inspection only.
Firewall Forwarding | Select a 5-Tuple or 2-Tuple hashing algorithm. 2-Tuple hashes Source IP and Destination IP; 5-Tuple hashes Source and Destination IP, Source and Destination Port, and Protocol Type. By default, FireNet and AWS TGW FireNet use the 5-Tuple algorithm to load balance traffic across the different firewalls. However, you can select 2-Tuple to map traffic to the available firewalls.
TGW Segmentation for Egress (AWS TGW FireNet only) | Enable this feature to block traffic between network domains when the network domains do not have a connection policy defined between them and are connected to an Egress Firewall Domain.
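To make the Firewall Forwarding choice concrete, the following added example (not Aviatrix code, and not the gateway's actual hash) models how a 2-Tuple versus a 5-Tuple key maps flows onto a firewall pool. The firewall names, sample flows and the use of SHA-256 as the hash are all constructed for illustration; the point it shows is that 2-Tuple pins every session between the same two hosts to one firewall, while 5-Tuple can spread those sessions across firewalls.

```python
import hashlib
from collections import Counter

# Constructed firewall pool (illustrative names, not from the Aviatrix docs).
FIREWALLS = ["fw-1", "fw-2", "fw-3"]

# Constructed sample flows: several East-West sessions between the same two
# hosts on different ports/protocols, plus one flow to another destination.
SAMPLE_FLOWS = [
    {"src": "10.1.0.5", "dst": "10.2.0.9", "sport": 50001, "dport": 443, "proto": "tcp"},
    {"src": "10.1.0.5", "dst": "10.2.0.9", "sport": 50002, "dport": 443, "proto": "tcp"},
    {"src": "10.1.0.5", "dst": "10.2.0.9", "sport": 50003, "dport": 8443, "proto": "tcp"},
    {"src": "10.1.0.5", "dst": "10.2.0.9", "sport": 50004, "dport": 22, "proto": "tcp"},
    {"src": "10.1.0.5", "dst": "10.2.0.9", "sport": 50005, "dport": 53, "proto": "udp"},
    {"src": "10.1.0.5", "dst": "10.3.0.7", "sport": 50006, "dport": 443, "proto": "tcp"},
]

def two_tuple_key(flow):
    """2-Tuple: source IP and destination IP only."""
    return (flow["src"], flow["dst"])

def five_tuple_key(flow):
    """5-Tuple: source/destination IP, source/destination port, protocol."""
    return (flow["src"], flow["dst"], flow["sport"], flow["dport"], flow["proto"])

def pick_firewall(key, firewalls=FIREWALLS):
    """Hash the key fields and map the digest onto the firewall pool.
    SHA-256 is an illustrative stand-in, not the FireNet gateway's own hash."""
    digest = hashlib.sha256("|".join(map(str, key)).encode()).digest()
    return firewalls[int.from_bytes(digest[:4], "big") % len(firewalls)]

def distribute(flows, mode):
    """Return the firewall chosen for each flow under '2-tuple' or '5-tuple'."""
    keyfn = {"2-tuple": two_tuple_key, "5-tuple": five_tuple_key}[mode]
    return [pick_firewall(keyfn(f)) for f in flows]

def firewalls_for_pair(flows, mode, src, dst):
    """Distinct firewalls that see traffic between one src/dst host pair.
    Under 2-tuple this is always a single firewall, since ports and protocol
    are not part of the key; under 5-tuple it may be several."""
    picks = distribute(flows, mode)
    return {fw for f, fw in zip(flows, picks) if f["src"] == src and f["dst"] == dst}

if __name__ == "__main__":
    for mode in ("2-tuple", "5-tuple"):
        picks = distribute(SAMPLE_FLOWS, mode)
        print(mode, "load:", dict(Counter(picks)),
              "firewalls for 10.1.0.5->10.2.0.9:",
              sorted(firewalls_for_pair(SAMPLE_FLOWS, mode, "10.1.0.5", "10.2.0.9")))
```

This is why 2-Tuple is the option to consider when all sessions between a pair of hosts must land on the same stateful firewall, at the cost of a less even spread of load.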