AWS Transit Gateway

L2 Linker

AWS Transit Gateway

Hello,

 

Is there planned AWS Transit Gateway integration? There is mention but no detail in this video:

 

https://www.youtube.com/watch?v=6fhwoAwYrug

 

Other than operational ease, the Transit Gateway advantages appear limited. Traffic between VPCs is not encrypted. VPC segmentation is via routing and does not traverse a firewall.

L3 Networker

Re: AWS Transit Gateway

Yes, we announced our intentions here.

https://researchcenter.paloaltonetworks.com/2018/11/reinvent-2018-update-aws-security-hub-integratio...

 

You can build it out manually today, it works and has been tested internally.  We will be releasing additional documentation and templates soon.

 

I would recommend reaching out to your account team for additional information.

L2 Linker

Re: AWS Transit Gateway

Thanks @jmeurer.

 

Is there an ETA on the documentation?

 

I've asked our SE for more details.


@jmeurer wrote:

Yes, we announced our intentions here.

https://researchcenter.paloaltonetworks.com/2018/11/reinvent-2018-update-aws-security-hub-integratio...

 

You can build it out manually today, it works and has been tested internally.  We will be releasing additional documentation and templates soon.

 

I would recommend reaching out to your account team for additional information.



 

L2 Linker

Re: AWS Transit Gateway

Hi @jmeurer

 

Any updates on the documentation? I'm interested in securing traffic flowing Inbound, East/West and Outbound with VPC insertion and VPN insertion. Particularly interested in taking advantage of ECMP VPN to connect the VM_SERIES to the TG. Any documentation would be greatly appreciated.


Thank you.

L5 Sessionator

Re: AWS Transit Gateway

Here is some information on Transit Gateway manual deployment as well as a YAML template for automated deployments. Hope this helps. 

 

https://github.com/PaloAltoNetworks/TransitGatewayDeployment

 

 

L2 Linker

Re: AWS Transit Gateway

Hi @jperry1 ,

 

My concern with this design is the VPC attachment from TGW SN to the TGW. Rather than using ECMP VPN links 'that I have been unable to find documentation on', the data sent across that connection will be in the clear; right? 

 

What are your thoughts on that? 

L1 Bithead

Re: AWS Transit Gateway

Fantastic documentation here in the manual build https://github.com/PaloAltoNetworks/TransitGatewayDeployment. I think you left out one thing: the need to add a default route on FW2 pointing to eth1; otherwise the outbound traffic will be dropped by the firewall.

 

 

L0 Member

Re: AWS Transit Gateway

I am on my third or fourth attempt to walk through the Manual build guide and every time I reach Page 22, step 8, the TGW Attachment "attach-spoke1" is not available as a target. Only the tgw-security gateway.

L3 Networker

Re: AWS Transit Gateway

Please switch to the deployment guide and reference architecture here.

https://www.paloaltonetworks.com/resources/reference-architectures/aws

 

 

L2 Linker

Re: AWS Transit Gateway

Hi @DewhirstR ,

 

Hope all is well and you get this worked out.

 

Take a look at pages 13-15 and verify the VPC attachments for both spokes to the TGW. Verify Associations in the TGW Route Table for the VPCs.

 

 
