AWS Cloud WAN - Support Appliance Mode
Starting Dec 2022, AWS Cloud WAN supports the Appliance Mode feature, giving you the ability to deploy stateful network appliances in an Amazon Virtual Private Cloud (VPC) and forward network traffic to the correct appliance for security inspection. Appliance Mode simplifies centralized deployment of security appliances in a VPC and allows using multiple Availability Zones (AZs) for high availability.
Check Point gateways (GWs) are stateful and need to process both the forward and the return traffic of a network flow. Until now, customers needed to analyze their traffic patterns and carefully configure subnet routes to the appropriate security appliance for stateful inspection.
With Appliance Mode, Cloud WAN selects a single network interface in the appliance VPC to send both forward and return traffic for the life of the flow, thus eliminating the need for special routing configuration.
For multi-AZ deployments, Cloud WAN symmetrically routes flow traffic through the same AZ and, as a result, via the same appliance for stateful inspection. Appliance Mode also supports deployment of AWS Gateway Load Balancer (GWLB), a service that allows customers to deploy and manage third-party network appliances in a horizontally scalable manner.
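The following added example (not AWS or Check Point code) models why a stateful appliance needs both directions of a flow and how pinning a flow to one AZ fixes that. The AZ names, addresses and hash are constructed for illustration, and the sketch assumes that without Appliance Mode traffic enters the inspection VPC in the sender's AZ; the hash shown is not AWS's actual algorithm.

```python
import hashlib

AZS = ["az-a", "az-b"]  # constructed: inspection VPC with one appliance per AZ

def flow_key(pkt):
    # Direction-independent key: forward and return packets map to the same value.
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (pkt["proto"], *ends[0], *ends[1])

class StatefulAppliance:
    """Minimal stateful firewall: a reply passes only if this appliance saw the flow start."""
    def __init__(self):
        self.conn_table = set()

    def inspect(self, pkt):
        key = flow_key(pkt)
        if pkt["initial"]:
            self.conn_table.add(key)  # first packet of a flow creates state
            return "accept"
        return "accept" if key in self.conn_table else "drop"

def pick_az(pkt, appliance_mode):
    if not appliance_mode:
        return pkt["src_az"]  # assumption: traffic stays in the sender's AZ
    digest = hashlib.sha256(repr(flow_key(pkt)).encode()).digest()
    return AZS[digest[0] % len(AZS)]  # illustrative symmetric hash, not AWS's

def run_flow(appliance_mode):
    """Send one forward and one return packet; report (AZ, verdict) for each."""
    appliances = {az: StatefulAppliance() for az in AZS}
    fwd = {"proto": "tcp", "src": "10.1.0.10", "sport": 40000,
           "dst": "10.2.0.20", "dport": 443, "src_az": "az-a", "initial": True}
    ret = {"proto": "tcp", "src": "10.2.0.20", "sport": 443,
           "dst": "10.1.0.10", "dport": 40000, "src_az": "az-b", "initial": False}
    results = []
    for pkt in (fwd, ret):
        az = pick_az(pkt, appliance_mode)
        results.append((az, appliances[az].inspect(pkt)))
    return results

if __name__ == "__main__":
    print("appliance mode off:", run_flow(False))
    print("appliance mode on: ", run_flow(True))
```

With the mode off, the return packet reaches the appliance in the other AZ, which has no state for the flow and drops it; with the mode on, both packets hit the same appliance.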
Appliance mode support is available in all AWS regions where Cloud WAN is available. There are no additional charges to use this feature. To learn more, please visit the AWS Cloud WAN documentation pages.