
    Secure Internet Access and NAT Gateway

    Sold by: netCUBED 
    Deployed on AWS
    Free Trial
    A highly available, egress filtering proxy and NAT gateway. The gateway restricts HTTP and HTTPS egress traffic from VPC resources to a whitelisted set of hostnames (FQDN). This solution is effective where traditional IP-based firewalls fall short.

    Overview

    The Secure Internet Access Gateway is a highly available, egress filtering proxy and NAT gateway. The gateway restricts HTTP and HTTPS egress traffic from VPC resources to a whitelisted set of hostnames (FQDN). This solution is effective where traditional IP-based firewalls fall short. Access to package repositories and AWS APIs can be provided to instances in private subnets without granting them broad internet access. The gateway is ideally suited to protect your EC2 instances, AWS Workspaces and even Lambda functions from harmful internet traffic while still providing access to update servers, specific websites and services.

    The gateway can operate in explicit and transparent mode. In explicit mode, the instance needs to be provided with the gateway's proxy address. The explicit mode provides more granular control over what application has access to the internet. In transparent mode the gateway is added to the subnet's route table allowing traffic to be filtered on its way out to the internet. No changes to applications on EC2 instances are necessary. The transparent mode is useful in scenarios where an application does not provide an option to define a proxy.

    The Secure Internet Access Gateway is powered by the AWS Network Load Balancer (NLB). The gateway can therefore easily be shared with other VPCs in the same region using the VPC PrivateLink feature. Please note that only explicit mode is available when using PrivateLink.

    Highlights

    • HIGH AVAILABILITY | The gateway can easily be deployed in multiple availability zones for redundancy.
    • TRANSPARENT PROXY | Optionally filters traffic in transit without explicit proxy configuration.
    • FILTER BY HOSTNAME | Control egress traffic by destination hostname instead of IP address.

    Details

    Sold by

    Delivery method

    Delivery option
    New VPC Deployment
    Existing VPC Deployment
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    AmazonLinux 2


    Pricing

    Free trial

    Try this product free for 5 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (62)

    Dimension                 Cost/hour
    c5.large (Recommended)    $0.073
    t3.xlarge                 $0.123
    t2.xlarge                 $0.123
    r5a.xlarge                $0.163
    m4.4xlarge                $0.43
    r5.24xlarge               $2.158
    r5.large                  $0.097
    m5.4xlarge                $0.414
    t2.small                  $0.042
    r4.16xlarge               $2.158

    Vendor refund policy

    We do not currently support refunds, but you can cancel at any time.


    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes
    • Migrated to Amazon Linux 2
    • Upgraded Squid to version 4.7
    • Implemented improvements to transparent proxy behavior
    • Added support for VPC Endpoint Services which allows you to share one Gateway with any number of VPCs

    Additional details

    Usage instructions

    This solution is best deployed through CloudFormation templates. CloudFormation is an Infrastructure as Code (IaC) service provided by AWS which makes it fast and easy to set up complex cloud infrastructures.

    The CloudFormation template will output the hostname of the Network Load Balancer (NLB) under Outputs, ProxyAddress. The port for the HTTP proxy is always 3128. On most Linux systems it is sufficient to set the http_proxy and https_proxy environment variables. The majority of client applications will pick up these variables and configure themselves accordingly.

    Please find detailed instructions at http://netcubed-ami.s3-website-us-east-1.amazonaws.com/sinac/v1.0.0/#configuring-applications-to-use-the-proxy 

    Support

    Vendor support

    For paid support, email sales@netcubed.de for further information. Free support is provided via support@netcubed.de. For free support, we do not provide a guaranteed response time; however, we do our best to respond to questions within 24 hours Monday through Friday.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison


    Accolades

    Top 100 in Network Infrastructure, Security
    Top 50 in Network Infrastructure, Security

    Overview

    AI generated from product descriptions

    • Egress Traffic Filtering | Restricts HTTP and HTTPS egress traffic from VPC resources to a whitelisted set of hostnames (FQDN), providing hostname-based filtering instead of traditional IP-based firewall rules.
    • High Availability Architecture | Supports deployment across multiple availability zones for redundancy and can be shared with other VPCs in the same region using VPC PrivateLink.
    • Dual Proxy Operation Modes | Operates in explicit mode requiring proxy address configuration for granular application-level control, and transparent mode integrated into subnet route tables for traffic filtering without application changes.
    • Network Load Balancer Integration | Built on AWS Network Load Balancer infrastructure for scalable and highly available gateway deployment.
    • Private Subnet Access Control | Enables secure access to package repositories and AWS APIs for instances in private subnets while restricting broad internet access.
    • Transparent Network Traffic Routing | Routes all egress traffic from VPC resources including VMs, EKS, Fargate, Lambda, and WorkSpaces through the firewall without requiring proxy environment variables or code modifications.
    • FQDN-Based Traffic Filtering | Filters and controls egress traffic based on Fully Qualified Domain Names with discovery capabilities through monitor mode that logs traffic without blocking for FQDN extraction.
    • DNS Spoofing Prevention | Conducts out-of-band DNS lookups to detect and prevent TLS SNI spoofing attacks and supports FQDN-based filtering for SSH connections.
    • AWS Console Integration | Stores configuration directly in Security Groups and sends flow and audit logs to CloudWatch using only AWS APIs without requiring additional tooling or external interfaces.
    • High Availability and Auto-Scaling | Operates as an AWS Gateway Load Balancing Partner for Security Appliances with built-in high-availability, load-balancing, and auto-scaling capabilities within the VPC with zero-downtime rolling updates.
    • Network Address Translation | Provides outbound NAT-Gateway functionality with source and port NAT-ing capabilities without throughput limitations using standard instance types.
    • Firewall Configuration | Includes firewall functions enabling secure inbound NAT through port redirection and outbound traffic restriction to specific ports or destination addresses.
    • Traffic Filtering and Control | Supports outbound WAF and URL filtering through plugins with allowlist configuration or integration with external URL filtering services.
    • VPN Remote Access | Enables one remote VPN user connection for secure remote administration access.

    Contract

    Standard contract
    No
    No
