AWS Edge East-West

The Valtix Gateway is deployed in a single VPC to protect the applications within the same VPC. The Gateway acts as a reverse proxy. The applications within the VPC access the target application via the Valtix Gateway. Configure the backend destination (the original application) as a proxy target on the Valtix Gateway. The proxy enables Valtix to decrypt TLS traffic and perform deep packet inspection. The proxied traffic to the backend/target can be sent as plain text HTTP, HTTPS, TCP or TLS.

To add a Gateway:

  1. Navigate to Manage -> Gateways -> Gateways
  2. Click Add Gateway
  3. Select the account you previously created
  4. Click Next

    | Parameter | Description |
    |---|---|
    | Instance Type | Choose the type (AWS_M5_2XLARGE) from the drop-down |
    | Gateway Type | Auto Scaling. (See the implementation guide for the single-instance Gateway and its use case) |
    | Minimum Instances | Select the minimum number of instances that you plan to deploy |
    | Maximum Instances | Select the maximum number of instances that you plan to deploy. This is the maximum number that is used for auto-scaling in each availability zone |
    | HealthCheck Port | Default is 65534 |
    | Packet Capture | (optional) Packet capture profile for threat and flow pcaps |
    | Diagnostics | (optional) Diagnostics profile for debugging |
    | Log Profile | (optional) Log Forwarding Profile used to forward events/logs to a SIEM |

  5. Click Next

  6. Provide the following parameters

    | Parameter | Description |
    |---|---|
    | Use AWS Gateway Load Balancer | Check this box to use the AWS Gateway Load Balancer. This will consolidate Egress and East-West into a single Gateway. This is not available in all AWS regions yet. Check in your AWS account whether this option is available |
    | Security | Choose East-West |
    | Gateway Image | Image to be deployed |
    | Policy Ruleset | Select the policy ruleset to associate with this Gateway. If you don't have a policy ruleset, you can create a new one by choosing Create New |
    | Region | Select the region this Gateway will be deployed into |
    | VPC | Select the VPC in which the Valtix Gateway is deployed |
    | Key Pair | Select the key pair to associate with this Gateway |
    | IAM Role for Gateway | Select the IAM role to associate with this Gateway |
    | Mgmt. Security Group | Select the security group to associate with the management interface |
    | Datapath Security Group | Select the security group to associate with the datapath interface |

    Select the Availability Zone, the Mgmt Subnet and the Datapath Subnet. The available subnets will be based on the VPC selected above. For HA purposes the Gateway instances can be deployed in multiple AZs. Click the plus button to add a new AZ and select the parameters for the selected AZ.

  7. Click Next. The review page shows you the details of all the selected parameters. Review the available resources and see information about any AWS limits exceeded.

  8. Click Finish. The Gateway deployment starts. It takes approximately 5-7 minutes for the Gateway to become ACTIVE.

Tech Notes

Check the AWS Console Load Balancers section and note that an internal Network Load Balancer has been created. It does not yet have any listeners or target groups. The listeners and target groups (targeting the EC2 Valtix Gateway instances) are created when you add a service with the listener port and backend application.

On your AWS console, view the EC2 instances page and check the Gateway instances created. The instances have a Name tag that begins with valtix*.
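
The two console checks above can also be scripted against the JSON printed by `aws elbv2 describe-load-balancers` and `aws ec2 describe-instances`. The following is an added example, not Valtix code: the sample responses, the VPC id, the instance and load balancer names are constructed, and treating Minimum Instances as a total across availability zones is an assumption.

```python
import json

# Constructed sample data shaped like the JSON output of
# `aws elbv2 describe-load-balancers` and `aws ec2 describe-instances`.
VPC_ID = "vpc-0example"  # placeholder VPC id
LBS = json.loads("""{"LoadBalancers": [
  {"LoadBalancerName": "gw-nlb", "Type": "network", "Scheme": "internal", "VpcId": "vpc-0example"},
  {"LoadBalancerName": "web-alb", "Type": "application", "Scheme": "internet-facing", "VpcId": "vpc-0example"}]}""")
INSTANCES = json.loads("""{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa", "VpcId": "vpc-0example", "State": {"Name": "running"},
   "Placement": {"AvailabilityZone": "us-east-1a"}, "Tags": [{"Key": "Name", "Value": "valtix-gw-1"}]},
  {"InstanceId": "i-0bbb", "VpcId": "vpc-0example", "State": {"Name": "running"},
   "Placement": {"AvailabilityZone": "us-east-1b"}, "Tags": [{"Key": "Name", "Value": "valtix-gw-2"}]},
  {"InstanceId": "i-0ccc", "VpcId": "vpc-0example", "State": {"Name": "running"},
   "Placement": {"AvailabilityZone": "us-east-1a"}, "Tags": [{"Key": "Name", "Value": "app-server"}]},
  {"InstanceId": "i-0ddd", "State": {"Name": "terminated"},
   "Placement": {"AvailabilityZone": "us-east-1a"}, "Tags": [{"Key": "Name", "Value": "valtix-gw-old"}]}]}]}""")


def internal_nlbs(lbs, vpc_id):
    """Names of internal Network Load Balancers in the Gateway VPC."""
    return [lb["LoadBalancerName"] for lb in lbs.get("LoadBalancers", [])
            if lb.get("VpcId") == vpc_id
            and lb.get("Type") == "network" and lb.get("Scheme") == "internal"]


def gateway_instances_by_az(resp, vpc_id, prefix="valtix"):
    """Map AZ -> ids of running instances whose Name tag begins with prefix."""
    by_az = {}
    for reservation in resp.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # Untagged instances have no "Tags" key at all.
            name = next((t["Value"] for t in inst.get("Tags", []) if t["Key"] == "Name"), "")
            if (inst.get("VpcId") == vpc_id and inst["State"]["Name"] == "running"
                    and name.startswith(prefix)):
                by_az.setdefault(inst["Placement"]["AvailabilityZone"], []).append(inst["InstanceId"])
    return by_az


def check_deployment(lbs, instances, vpc_id, min_instances):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    if not internal_nlbs(lbs, vpc_id):
        findings.append("no internal Network Load Balancer in " + vpc_id)
    running = sum(len(ids) for ids in gateway_instances_by_az(instances, vpc_id).values())
    if running < min_instances:
        findings.append(f"{running} running gateway instance(s), expected at least {min_instances}")
    return findings


if __name__ == "__main__":
    print(check_deployment(LBS, INSTANCES, VPC_ID, min_instances=2) or "deployment checks passed")
```

The per-AZ map returned by `gateway_instances_by_az` also shows whether the instances landed in every availability zone selected for HA.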