How to Connect to AWS in a Quick & Inexpensive way Part 1: Comparing Connection Types

-

 


Why Connect Your DC to AWS?

  1. Connect to your Internal Web Apps in AWS.
  2. Database Synchronization in AWS.
  3. File Transfers to & from AWS.
  4. Encrypt Traffic between Onprem & AWS.
  5. Temporary (DX) or Backup connection
  6. SDWAN Entry Point

Key differences between the two vpn connection types

S2S IPSEC VPN To TGW

  1. 1.25Gbps per IPSec Tunnel.
  2. IPSec from On-Prem Terminates on the TGW.
  3. Lower Cost & Simpler Architecture.
  4. Quick Setup.

S2S IPSEC VPN Using GRE Tunnels to the TGW


  1. 5.6Gbps per IPSec Tunnel.
  2. IPSec from On-Prem Terminates on an NVA.
  3. Need 1+ NVA ( PA CloudBlade, PA Firewalls, Cisco CSR).
  4. Higher Cost, but Higher Throughput.
  5. More Complex Setup, but Quicker than Using Direct Connect.

Consider Donating to allow me to make more useful videos for you  . When you donate I will provide a discount code in my training store. Go to the discount page here.

 
  1. Go to the Training store for mode in-depth training 
  2. Go to the Training Index to checkout all the courses we have available 
Disclaimer: The information posted here is informational only. Ricardo Gutierrez won’t be held liable for any mishaps, failures or any other negative outcome. It is the reader’s responsibility to make their own decisions and act on them.

Comments

Post a Comment

Popular posts from this blog

How to Connect to AWS in a Quick & Inexpensive way Part 2:

-
Image
  Architecture Benefits 1.       End to End Dynamic Routing. a.       BGP . b.       ECMP. 2.       Highly Available. a.       Dual Firewalls. b.       Dual IPSec Tunnels. 3.       Scalable. a.       IPSec Tunnels. b.       AWS Firewalls. 4.       Secure. a.       End to End Encrypted Traffic  to AWS (IPSec). b.       Encrypted Apps (https, SSH, FTPS, etc). 5.       Throughput: 2x 5.6Gbps. Traffic Flow 1.       On-Prem network. 2.       IPSEC ECMP (Load Balancing) To FWs 3.       GRE Tunnels. 4.       TGW Peer Attachment 5.       ...
Read more

How to Automatically Blocklist and Attacker's IP address using Palo Alto Networks.

-
Image
Network Security engineers rely and trust the blacklist feeds, whether they get that from minemeld or from mxtoolbox, spanhaus, ipinfo and others. For the most part these are quite accurate, however, hackers are crafty and switch public IP addresses frequently. To keep the databases up to date in real time is extremely challenging, to say the least. So, what can you do to keep up with the ever changing harmful IP addresses? You need to inspect traffic for threats and vulnerabilities on a Palo Alto Networks Firewall. Once the firewall detects the threat and the attacker’s public IP address, the firewall will then automatically add the attacker’s IP address in a Deny firewall rule. Important : You must make sure you are blocking critical, high and medium risk threat at bare minimum. Why do I need to blacklist the attacker’s IP address if my firewall is already blocking threats? The answer is simple, you don’t know what other vulnerabilities the attackers are trying to exploit. The firewa...
Read more

HOW TO BLOCK NAT SLIPSTREAMING ON PALO ALTO FIREWALLS

-
Image
  Update: 02/10/2021 If you are using threat DB version 8373-6537, the default action now is reset-server. The main objective of Cybersecurity professionals, is to reduce the attack surface, on network connected devices (computers, IoT, hvac, smart UPSs, smart power strips, etc.). Cybersecurity professionals often assume that devices that have no internet connectivity will never be compromised by a hacker. The NAT slipstreaming cyberattack proves this wrong. “ NAT Slipstreaming allows an attacker to remotely access ANY TCP/UDP service bound to ANY system behind a victim’s NAT, bypassing the victim’s NAT/firewall (remote arbitrary firewall pinhole control),  all it takes is the victim’s computer to visit the attacker’s website”. Once the victim’s computer visits the website, the attacker’s servers start to scan your network to identify the network connected devices. If your devices have not been patched to mitigate vulnerabilities, the attackers will exploit these to take cont...
Read more