By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How do I set up Amazon VPC ingress routing with a stateless network appliance?

0

I want to implement a network topology where I can set an ingress route on the internet gateway to pass through a security appliance. I still want the destination subnet behind the appliance to have a direct route to the internet gateway. I need the appliance to see only the ingress traffic (requests) and not the other direction. I did some basic testing and found that this topology doesn't work. For example, connections initiated from the subnet behind the appliance can't reach the internet. How do I configure this routing?

Topics
Networking & Content Delivery
Tags
Networking & Content Delivery
Language
English
AWS-User-2362955
asked 4 years ago406 views
1 Answer
0
Accepted Answer

If the traffic is asymmetric, that is, the return traffic doesn’t go through the same appliance or firewall, then the return traffic is dropped at the AWS edge. This happens by design. Therefore, you need a symmetric flow for VPC Ingress routing to work. A better architecture is to use the Elastic Load Balancing sandwich architecture and scale the firewall depending on the load.

AWS
jkaps
answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content