Configure Service VPCs and Service VNets

While not strictly mandatory, we do strongly recommend creating and attaching a VPC or VNet to your Multicloud Defense Gateway as part of the deployment process. VPCs and VNets provide the necessary framework to secure, organize, and efficiently manage your network resources while integrating with a firewall gateway.

When you attach a VPC or VNet, your network gains the following benefits:

  • Isolation and Security - A VPC/VNet allows you to create a logically isolated network within a cloud provider, ensuring that your resources are segregated from other users. You can also define security rules that control inbound and outbound traffic to and from your resources, using the firewall gateway to enforce these rules, thus controlling access.

  • Customizable Network Architecture - You can create subnets within a VPC or VNet to organize and segment your resources, manage IP address ranges, and customize routing tables to direct traffic efficiently within your network.

  • Scalability and Flexibility with Resource Management - Easily add or remove resources, scale your network, and adjust configurations to meet changing demands.

Without a VPC or VNet, your environment faces increased security risk and reduced control over traffic flows.

Before You Begin

Before you create a VPC or VNet for your gateway, we recommend looking over the following prerequisites. Some of these are specific to the cloud service provider you use.

Prerequisites

  • If you opt to configure a Service VPC or VNet with a native gateway (NAT gateway), you must have a native gateway configured from your cloud service provider. See your cloud service provider documentation for more information.

  • If you intend to deploy a Service VNet with an Azure NAT gateway, confirm that your custom role in the Azure dashboard includes all of the required permissions before creating and deploying the VNet. See Create a custom role to assign to the Application for the complete list of permissions.

  • If you provide your own transit gateway, you are able to attach more than one Service VPC or VNet to it. It is even possible to replace an existing Service VPC or VNet with a new one without re-deploying the gateway.

  • (Preview Only) If you create a Service VPC for an FTDv gateway, only AWS and Azure accounts are supported.