The discrimiNAT firewall is a solution to blocking traffic to unauthorized destinations, by hostnames, over HTTPS/TLS and SSH/SFTP connections. It works by monitoring data flows with our Deep Packet Inspection engine, inline as a NAT Instance on the egress of your VPC.

Simple Configuration

Simply specify allowed protocol and hostnames within the respective applications' Security Groups' rules' description fields, and the firewall will take care of the rest.

Simple Deployment

From complete multi-zone configurations that work with a single click to DIY deployments so you can configure the networking around it, we have all the IaC ready to go in our CloudFormation library / Terraform Registry.

Encryption Standards & Compliance

Enforces the use of contemporary encryption standards such as TLS 1.2+ and SSH v2 with bidirectional in-band checks. Anything older or insecure will be denied connection automatically. Also conducts out-of-band checks, such as DNS, for robust defence against sophisticated malware and insider threats. Gets your VPC ready for a proper pentest!

Integrated Logging

The firewall logs each change and connection allowed or disallowed straight into CloudWatch with rich metadata for analysis. Everything is set up out-of-the-box.

Transparent & Fast

Does not require TLS termination or configuration of applications to use a proxy. Results in significantly faster, end-to-end secure connections with no impact on component substitutability or configuration.