The discrimiNAT is a solution to being unable to specify hostnames/FQDNs in Google Cloud Firewall Rules and AWS Security Groups for scalable egress filtering. It works by monitoring and blocking traffic without decryption, with our Deep Packet Inspection engine, inline as a high-availability NAT Instance on the egress of your VPC network.
We have made the configuration of this firewall as simple as possible. Just specify the allowed destination FQDNs in the applications' outbound rules itself and the firewall will take care of the rest. See the brief video demos for how straightforward this is.
From complete multi-zone network configurations that work with a single click and have sane defaults, to DIY instance deployments so you can configure the networking around it, we have all templates ready to go in our CloudFormation library for AWS and as a Deployment Manager template for Google Cloud. You can even use the Infrastructure-as-Code framework of your choice (such as Terraform) without any special inclusions.
A Deep Packet Inspection firewall can help you reach compliance standards by limiting the egress routes of your network to only allowed destinations. What’s more, is the discrimiNAT firewall enforces the use of contemporary encryption standards such as TLS 1.2, TLS 1.3 and SSH v2. Anything older or insecure will be denied connection automatically.
The firewall logs each connection allowed and disallowed straight into AWS CloudWatch or Google Cloud Stackdriver with rich metadata for analysis. Again, no configuration or setup required. Just pick one of our CloudFormation templates or the Google Cloud Deployment Manager template, and everything is set up out of the box.
A Deep Packet Inspection firewall does not require TLS termination or configuration of applications to use a proxy. This results in a significantly faster, end-to-end secure connection to the destination with no impact on component substitutability or configuration changes. What more could microservice deployments ask for!?