In a centralized ingress model, Valtix orchestrates a Service VPC as a centralized security hub and connects all spoke VPCs to the Service VPC through the use of AWS Transit Gateway. Valtix will orchestrate the deployment of a Service VPC(and all necessary components) and attach to an existing or new AWS Transit Gateway(Valtix can also help in deploying the Transit Gateway). Inside the Service VPC deployed by Valtix, there is a Network Load Balacer(NLB) which traffic will be the ingress point for ingress traffic. Valtix Gateway will act as a reverse proxy and and proxy incoming traffic for your workloads.
The diagram shows both Ingress Gateway and Egress+East-West Gateway. User can choose to deploy Ingress and Egress+East-West Gateway in the same VPC. If protection is for Ingress only, Egress Gateway is not needed.