Exam PCSFE
Question 68

In the Cloud NGFW for Amazon Web Services (AWS) centralized inbound deployment architecture, what is the next hop for the traffic after it passes through the application load balancer (ALB)?

    Correct Answer: A

    In a centralized inbound deployment architecture for Cloud NGFW on AWS, the next hop for the traffic after it passes through the application load balancer (ALB) is the Ingress VPC Transit Gateway Elastic Network Interface (TGW ENI). This interface acts as the entry point for traffic into the Virtual Private Cloud (VPC) and routes it to the Transit Gateway (TGW) for further processing and security inspection.

Discussion
3574e4e
Option: A

Centralized Inbound

1. Traffic from the internet arrives at the internet gateway.
2. The internet gateway routes traffic to the application load balancer (ALB).
3. The ALB then sends traffic to the ingress VPC TGW ENI.
4. The TGW ENI sends traffic to the TGW.
5. The TGW routes traffic to the security VPC TGW ENI.
6. The TGW ENI sends traffic to NGFW endpoint and on to the NGFW for inspection.
7. If the traffic is allowed, the NGFW endpoint sends the traffic to TGW.
8. The TGW then routes the traffic to the protected VPC TGW ENI and then on to the destination.

[https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/create-cloud-ngfw-instances-and-endpoints/direct-traffic-to-cloud-ngfw-for-aws/cloud-ngfw-for-aws-centralized-deployments]