Multicloud Defense Ingress Gateways

Deploying an Ingress gateway protects our public-facing applications. The Ingress gateway acts as a reverse proxy that carries out full decryption and applies advanced security functionalities such as intrusion prevention, antimalware, web application firewall (WAF), and full-path URL filtering.

The diagram is an example of an AWS account with an ingress gateway in a centralized mode.

Multiple Spoke VPCs and an on-premises data center connects to a Transit Gateway. This gateway routes traffic to a Security VPC, which then uses an NLB to direct traffic.