The Secure Egress Gateway is a solution to blocking HTTPS/TLS traffic to unauthorized destinations by hostname. It works by monitoring data flows, with our Deep Packet Inspection engine, inline as a NAT Instance on the Egress of your VPC.

Simple Configuration

Just specify a comma separated list of allowed destination hostnames in AWS SSM and the firewall will take care of the rest. You can even use wildcards for allowing subdomains!

Simple Deployment

From complete Multi Zone network configurations that work with a single click, to DIY instance deployments so you can configure the networking around it, we have all templates ready to go in our CloudFormation library.

Encryption Standards & Compliance

The Secure Egress Gateway can help you reach compliance standards by limiting the Egress routes of your network to only allowed destinations. The firewall also enforces the use of contemporary encryption standards such as TLS 1.2 and TLS 1.3.

Integrated Logging

The firewall logs each connection allowed and disallowed straight into AWS CloudWatch with rich metadata for analysis. Just pick one of our CloudFormation templates and everything is setup out of the box.

Transparent & Fast

A Deep Packet Inspection firewall does not require TLS termination or configuration of Applications to use a Proxy. This results in a significantly faster, end-to-end secure connection to the destination with no impact on component substitutability or configuration changes.