Aviatrix Extends its Enterprise Multi-Cloud Backbone Portfolio with Firewall Network Service

Simplicity, Performance and Scale for Palo Alto Networks VM-Series with AWS Transit Gateway
Boston, Mass. AWS RE:INFORCE, June 25, 2019

Aviatrix, pioneers of the Enterprise Multi-Cloud Backbone, today announced the Aviatrix Firewall Network Service, an extension to its portfolio that delivers the simplest, quickest-to-configure, highest performance scale-out architecture to deploy Palo Alto Networks VM-Series next-generation firewalls, initially with Amazon Web Services (AWS) Transit Gateway.

Gartner predicts the worldwide public cloud services market will continue to grow rapidly and exceed $200 billion in 2019. As expansion accelerates, however, so do the symptoms of complexity as all businesses struggle to scale more clouds and applications – reaching the limits of their ability to cohesively manage integration, while still ensuring performance, security and visibility.

“Our customers are ‘all in’ on cloud. They want to bring their next-generation firewall policies to the cloud, but find it an incredibly complicated and manual process and extremely difficult to maintain at the scale most envision,” said Ryan Young, Director of Engineering at Vandis, Inc. “Combining Aviatrix’s Firewall Network Service with Palo Alto Networks VM-Series simplifies customer deployments and gives our customers the functionality and the operational model they expect from a cloud service.”

“Just as in traditional networks, next-generation firewalls are a critical security service in a cloud network and security architecture,” said Rod Stuhlmuller, Vice President of Marketing at Aviatrix. “Our new Firewall Network Service – born in the cloud, for the cloud – simplifies deployment of VM-Series firewalls with AWS Transit Gateway by automating many manual operations and overcoming performance and scale compromises when using AWS native transit network constructs.”

How the Aviatrix Firewall Network Service Works

Central to the Aviatrix Firewall Network Service for next-generation firewalls is Aviatrix’s intelligent controller. Delivering intelligent orchestration and control of native cloud services through the AWS Transit Gateway, the controller interconnects virtual private clouds (VPC) and on-premises networks. Notably, capitalizing on the controller’s native integration into the Gateway allows for delivery of many other advanced services from Aviatrix.

A challenge for customers deploying VM-Series firewalls in an AWS Transit Gateway is that they are required by the native cloud networking constructs to negotiate trade-offs in performance and visibility as they increase scale (Figure 1), limiting access to the full benefits of the VM-Series.

Figure 1: Implementing Palo Alto Networks VM-Series firewalls in AWS, without Aviatrix

Aviatrix removes these restrictions. By removing the need to use IPSec tunneling for route propagation and packet forwarding, Aviatrix delivers a better-than-10x increase in network throughput to the firewall, allowing the VM-Series to operate at optimal performance. Aviatrix also removes the visibility loss incurred when source network address translation (SNAT) must be performed at the firewall to avoid asymmetric routing when leveraging equal-cost multi-path routing (ECMP) to scale in a native AWS Transit Gateway implementation.

“As more enterprises move mission-critical applications to the public cloud, security and compliance often require inline firewall services, like our Palo Alto Networks VM-Series,” said Adam Geller, Senior Vice President, Cloud Product and Engineering at Palo Alto Networks. “Aviatrix services extend native network constructs to allow VM-Series customers to maximize both performance and scale, while greatly simplifying their enterprise cloud deployments.”

Centrally managed by the Aviatrix Controller, the Firewall Network Virtual Private Cloud (VPC) is natively attached to the AWS Transit Gateway. The Aviatrix Firewall Network Service gateways load-balance packets across firewall instances and retain full visibility across all traffic.

Figure 2: Implementing Palo Alto Networks VM-Series firewalls in AWS, with Aviatrix

In addition, the Aviatrix intelligent orchestration and control service reduces the entire installation and configuration time (Figure 2) from hours/days to minutes. It automates the propagation of routes across all VPCs and VM-Series firewalls, directing specified traffic through the VM-Series firewalls for inspection. Aviatrix gateways load-balance packets across multiple availability zones to scale out firewall instance deployment. As a result, Aviatrix creates a frictionless journey for bringing next-generation firewalls to the cloud.

About the Enterprise Multi-Cloud Backbone

Public cloud providers – such as AWS, Azure and Google – have become the physical infrastructure for the new virtual enterprise data center. The Enterprise Multi-Cloud Backbone is the new architecture that embraces and extends native public cloud networking constructs and infrastructure to deliver private, multi-region and multi-cloud transit networking and security services for enterprise IT. These services create an abstracted layer over the top of public clouds to deliver operational simplicity, security and performance. Enterprise Multi-Cloud Backbone services include advanced transit networking, network segmentation, next-generation firewall connectivity, secure user and site-to-cloud VPN, cloud-to-internet egress filtering, high-performance encryption, and many more.

To learn more about Aviatrix Enterprise Multi-Cloud Backbone Service Portfolio:

Learn more about Aviatrix’s Firewall Network Service.

About Aviatrix

Aviatrix is the leading provider of advanced networking and security services for the multi-cloud enterprise. Public cloud providers – such as AWS, Azure, GCP and Oracle OCI – are becoming the physical infrastructure for enterprise IT. Aviatrix networking and security software services – born in the cloud, for the cloud – embrace and extend native public cloud constructs and infrastructure and provide the operational simplicity, security and performance required for enterprises moving to the cloud. Services include: advanced transit networking, network segmentation, next-generation firewall integration, smart SAML VPN and site-to-cloud VPN access, cloud to Internet egress filtering, high-performance encryption, and many more. Learn more at

Media Contact

CHEN PR for Aviatrix
Jennifer Torode
