The discrimiNAT firewall is a solution to blocking traffic to unauthorized destinations, by hostnames, over HTTPS/TLS and SSH/SFTP connections. It works by monitoring data flows, with our Deep Packet Inspection engine, inline as a NAT Instance on the egress of your VPC.

Simple Configuration

Simply specify allowed protocol and hostnames within the usual Security Groups Rules' description fields and the firewall will take care of the rest.

Simple Deployment

From complete multi-zone network configurations that work with a single click, to DIY instance deployments so you can configure the networking around it, we have all the templates ready to go in our CloudFormation library.

Encryption Standards & Compliance

Enforces the use of contemporary encryption standards such as TLS 1.2+ and SSH v2. Anything older or insecure will be denied connection automatically. Ships audit logs to CloudWatch for data flow and configuration changes.

Integrated Logging

The firewall logs each connection allowed and disallowed straight into CloudWatch with rich metadata for analysis. Just pick one of our CloudFormation templates and everything is setup out of the box.

Transparent & Fast

Does not require TLS termination or configuration of applications to use a proxy. Results in significantly faster, end-to-end secure connection to the destination with no impact on component substitutability or configuration.