Posted On: Dec 14, 2022
Starting today, AWS Cloud WAN supports the Appliance Mode feature, giving you the ability to deploy stateful network appliances in an Amazon Virtual Private Cloud (VPC) and forward network traffic to the correct appliance for security inspection. Appliance Mode simplifies centralized deployment of security appliances in a VPC and allows the use of multiple Availability Zones (AZs) for high availability.
AWS Cloud WAN is a managed service that lets you build, monitor and manage a unified global network interconnecting Amazon VPCs, data centers, branches and remote users. Customers deploy security appliances in a VPC to inspect VPC-to-VPC and VPC-to-on-premises network traffic. Security appliances are typically stateful and need to process both forward and return traffic for a network flow. Until now, customers needed to analyze their traffic patterns and carefully configure subnet routes to the appropriate security appliance for stateful inspection. With Appliance mode, Cloud WAN selects a single network interface in the appliance VPC to send both forward and return traffic for the life of the flow, thus eliminating the need for special routing configuration. For multi-AZ deployments, Cloud WAN symmetrically routes flow traffic through the same AZ and, as a result, via the same appliance for stateful inspection. Appliance mode also supports deployment of AWS Network Firewall (ANFW), an AWS managed network firewall service, and AWS Gateway Load Balancer (GWLB), a service that allows customers to deploy and manage third-party network appliances in a horizontally scalable manner.
To get started, simply enable Appliance mode on the VPC attachment that contains your security appliances. You can enable this feature via the AWS Management Console, the Amazon Command Line Interface (Amazon CLI), and the Amazon Software Development Kit (Amazon SDK).
Appliance mode support is available in all AWS regions where Cloud WAN is available. There are no additional charges to use this feature. To learn more, please visit the AWS Cloud WAN product and documentation pages.
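The audit below is an added example, not AWS code: it flags inspection VPC attachments that still have Appliance mode disabled, which is where forward and return traffic can reach different stateful appliances. It assumes input shaped like the `VpcAttachment` object returned by `aws networkmanager get-vpc-attachment`, a hypothetical `role=inspection` tag that marks appliance VPCs, and one attachment subnet per AZ; the sample data is constructed.

```python
# Added example: audit Cloud WAN VPC attachments for Appliance mode.
# Each dict mirrors the "VpcAttachment" object from
# `aws networkmanager get-vpc-attachment`. All sample values are constructed.

INSPECTION_TAG = ("role", "inspection")  # hypothetical tagging convention (assumption)

def is_inspection(att):
    """True when the attachment carries the (assumed) inspection tag."""
    tags = {t["Key"]: t["Value"] for t in att["Attachment"].get("Tags", [])}
    return tags.get(INSPECTION_TAG[0]) == INSPECTION_TAG[1]

def audit(attachments):
    """Return one finding per inspection attachment without Appliance mode."""
    findings = []
    for att in attachments:
        if not is_inspection(att):
            continue  # workload VPCs do not need Appliance mode
        if att.get("Options", {}).get("ApplianceModeSupport", False):
            continue  # already pinned to one interface per flow
        att_id = att["Attachment"]["AttachmentId"]
        # Assumption: one attachment subnet per AZ, so >1 subnet means multi-AZ,
        # where forward and return traffic can land on different appliances.
        multi_az = len(att.get("SubnetArns", [])) > 1
        findings.append({
            "attachment_id": att_id,
            "severity": "high" if multi_az else "low",
            "fix": "aws networkmanager update-vpc-attachment "
                   f"--attachment-id {att_id} --options ApplianceModeSupport=true",
        })
    return findings

def _att(att_id, role, subnets, appliance_mode):
    """Build a constructed attachment record for the sample below."""
    arn = "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-{}{}"
    return {
        "Attachment": {"AttachmentId": att_id,
                       "Tags": [{"Key": "role", "Value": role}]},
        "SubnetArns": [arn.format(att_id[-4:], i) for i in range(subnets)],
        "Options": {"Ipv6Support": False, "ApplianceModeSupport": appliance_mode},
    }

SAMPLE = [  # constructed data
    _att("attachment-aaaa", "inspection", 2, False),  # multi-AZ, mode off
    _att("attachment-bbbb", "inspection", 2, True),   # compliant
    _att("attachment-cccc", "workload", 2, False),    # not an appliance VPC
    _att("attachment-dddd", "inspection", 1, False),  # single AZ, mode off
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["severity"], f["attachment_id"], "->", f["fix"])
```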