X-Labs
October 12, 2021

Simplified and Cost-Effective Security for Your AWS Traffic with Forcepoint NGFW and Amazon VPC More Specific Routing

Mattia Maggioli

Although modern organizations host their workloads “in the cloud”, applications and services need connectivity and everything flowing between instances and users needs inspection. On AWS, organizations typically filter ingress traffic by deploying a firewall appliance with IDS/IPS capabilities and routing all traffic to a specific network interface. But what about East-West traffic between subnets and VPCs?

Until today, securing traffic between VPCs and subnets of AWS workloads with a firewall appliance required a few routing and NAT tricks to get the traffic flowing through the device. This was doable thanks to AWS Transit Gateway, and very useful in scenarios where on-premises networks or a peering connection with another Transit Gateway were already in place.

However, when the only job is filtering East-West traffic in AWS, this was not the leanest architecture and came with some operational overhead to get it working. To help reduce manual operations for our NGFW customers, we have released this integration between AWS Transit Gateway and Forcepoint NGFW, which automates the deployment of an auto-scaling set of NGFW engines and connects them to an existing Forcepoint Security Management Center (on AWS or on-premises) to control all engines and apply security policies consistently across locations and workloads.

In addition, complexity and cost have just dropped further with the launch of Amazon VPC More Specific Routing, a new feature that allows customers to redirect East-West traffic flowing between two subnets in a VPC through third-party appliances like Forcepoint Next Generation Firewall. With this enhancement, customers can now configure routing rules in a subnet route table to redirect local traffic destined for another subnet via Forcepoint NGFW, which operates as a middle-box appliance.
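The route table change described above is easy to get subtly wrong: a route that is not more specific than the VPC "local" route is ignored, a route that covers the appliance's own subnet loops inspected traffic back into the middle box, and a missing reverse route lets return traffic bypass inspection. The following script is an added example, not code from Forcepoint or from this post; it plans the per-subnet routes for a generic inspection appliance, runs those checks, and renders the plan as AWS CLI commands. The subnet CIDRs, route table ids and the `eni-ngfw` interface id are constructed placeholders.

```python
"""Plan and sanity-check VPC More Specific Routing entries for an inspection appliance."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Route:
    route_table_id: str    # subnet route table that receives the entry
    destination_cidr: str  # another subnet's CIDR, more specific than the VPC local route
    target_eni: str        # network interface of the middle-box appliance


def plan_more_specific_routes(
    vpc_cidr: str,
    workload_subnets: Dict[str, Tuple[str, str]],  # name -> (subnet CIDR, route table id)
    appliance_subnet_cidr: str,
    appliance_eni: str,
) -> List[Route]:
    """Return one route per ordered pair of workload subnets, rejecting invalid plans.

    Checks applied before any route is emitted:
      * the destination must lie inside the VPC CIDR (the feature only overrides
        the VPC 'local' route, it does not steer traffic leaving the VPC);
      * the destination must be strictly more specific than the VPC CIDR,
        otherwise the local route still wins;
      * the destination must not overlap the appliance's own subnet, or inspected
        traffic would be redirected back into the middle box.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    appliance_net = ipaddress.ip_network(appliance_subnet_cidr)
    routes: List[Route] = []
    for src_name in sorted(workload_subnets):
        _, src_rtb = workload_subnets[src_name]
        for dst_name in sorted(workload_subnets):
            if dst_name == src_name:
                continue
            dst_net = ipaddress.ip_network(workload_subnets[dst_name][0])
            if not dst_net.subnet_of(vpc):
                raise ValueError(f"{dst_net} is outside VPC {vpc}")
            if dst_net.prefixlen <= vpc.prefixlen:
                raise ValueError(f"{dst_net} is not more specific than the VPC CIDR {vpc}")
            if dst_net.overlaps(appliance_net):
                raise ValueError(f"{dst_net} overlaps the appliance subnet {appliance_net}")
            routes.append(Route(src_rtb, str(dst_net), appliance_eni))
    return routes


def is_symmetric(routes: List[Route], workload_subnets: Dict[str, Tuple[str, str]]) -> bool:
    """True when every redirected subnet pair is also redirected in the reverse
    direction, so return traffic cannot skip the appliance."""
    rtb_of_cidr = {str(ipaddress.ip_network(c)): r for c, r in workload_subnets.values()}
    cidr_of_rtb = {r: str(ipaddress.ip_network(c)) for c, r in workload_subnets.values()}
    pairs = {(r.route_table_id, r.destination_cidr) for r in routes}
    for rtb, dst in pairs:
        if (rtb_of_cidr[dst], cidr_of_rtb[rtb]) not in pairs:
            return False
    return True


def to_cli(routes: List[Route], appliance_eni: str) -> List[str]:
    """Render the plan as AWS CLI commands (real subcommands, placeholder ids)."""
    cmds = [
        # The appliance forwards packets not addressed to itself, so the
        # source/destination check on its interface has to be disabled.
        f"aws ec2 modify-network-interface-attribute "
        f"--network-interface-id {appliance_eni} --no-source-dest-check"
    ]
    for r in routes:
        cmds.append(
            f"aws ec2 create-route --route-table-id {r.route_table_id} "
            f"--destination-cidr-block {r.destination_cidr} "
            f"--network-interface-id {r.target_eni}"
        )
    return cmds


if __name__ == "__main__":
    # Constructed sample topology: two workload subnets plus the appliance subnet.
    subnets = {"app": ("10.0.1.0/24", "rtb-app"), "db": ("10.0.2.0/24", "rtb-db")}
    plan = plan_more_specific_routes("10.0.0.0/16", subnets, "10.0.100.0/24", "eni-ngfw")
    assert is_symmetric(plan, subnets)
    print("\n".join(to_cli(plan, "eni-ngfw")))
```

The appliance subnet's own route table is deliberately left alone: it keeps the VPC local route so the firewall can deliver inspected packets to their real destination. Run the generated commands only after the plan passes both the validity checks and the symmetry check.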

Forcepoint has verified compatibility out-of-the-box with the new Amazon VPC feature, enabling customers to enforce network security policies with a leaner design in their AWS footprint. This removes the need for a dedicated AWS Transit Gateway and the extra configuration, and also allows customers to easily extend their SD-WAN networks into Amazon VPC.

These integrations enable organizations and customers to take advantage of Forcepoint NGFW on AWS in the simplest and most cost-effective way: either by performing automated deployment in the most advanced scenarios involving AWS Transit Gateway, or by filtering traffic between VPCs and subnets using the new AWS VPC More Specific Routing feature.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.

Mattia Maggioli

Mattia leads the software engineering arm of Forcepoint Innovation Labs which provides design, prototype and POC capabilities to a wide array of integration activities between Forcepoint and 3rd party products, supporting business with a global ecosystem of technology partners and introducing...
