The Secure Egress Gateway is a solution to being unable to specify hostnames in AWS Security Groups and GCP Firewall Rules. It works by monitoring and blocking traffic without decryption, with our Deep Packet Inspection engine, inline as a high-availability NAT Instance on the Egress of your VPC network.
We have made the configuration of this firewall as simple as possible. Just specify a comma separated list of allowed destination hostnames and the firewall will take care of the rest. You can even use wildcards for allowing subdomains! See our Configuration Examples page for how straightforward this is.
From complete Multi Zone network configurations that work with a single click and have sane defaults, to DIY instance deployments so you can configure the networking around it, we have all templates ready to go in our CloudFormation library for AWS and as a Deployment Manager template for GCP. Terraform modules, with examples of various networking configurations, are published on the Terraform Registry.
Encryption Standards & Compliance
A Deep Packet Inspection firewall can help you reach compliance standards by limiting the Egress routes of your network to only allowed destinations. What's more, is the Secure Egress Gateway enforces the use of contemporary encryption standards such as TLS 1.2 and TLS 1.3. Anything older or insecure will be denied connection automatically.
The firewall logs each connection allowed and disallowed straight into AWS CloudWatch or GCP Stackdriver with rich metadata for analysis. Again, no configuration or setup required. Just pick one of our CloudFormation templates or the GCP Deployment Manager template and everything is setup out of the box.
Transparent & Fast
A Deep Packet Inspection firewall does not require TLS termination or configuration of Applications to use a Proxy. This results in a significantly faster, end-to-end secure connection to the destination with no impact on component substitutability or configuration changes.