VPN DX public VIF termination advice
When terminating the VPN on public VIF, if there is an Internet reachable public IP in the path, how can you protect it from things like DDoS?
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
The first line of defense would be using a firewall filter (based on the source/destination address of packets) to control traffic to and from, based on IP address ranges. This could be done on a stand alone device, on the router, or through your provider's network (e.g. in an SD-WAN configuration).
We recommend that you use a firewall filter (based on the source/destination address of packets) to control traffic to and from some prefixes. If you're using a prefix filter (route map), ensure that it accepts prefixes with an exact match or longer. Prefixes advertised from AWS Direct Connect may be aggregated and may differ from the prefixes defined in your prefix filter.
Relevanter Inhalt
AWS OFFICIALAktualisiert vor 7 Monaten- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren