discrimiNAT

The discrimiNAT is a solution to being unable to specify hostnames in Google Cloud Firewall Rules and AWS Security Groups. It works by monitoring and blocking traffic without decryption, with our Deep Packet Inspection engine, inline as a high-availability NAT Instance on the egress of your VPC network.

SIMPLE CONFIGURATION

We have made the configuration of this firewall as simple as possible. Just specify a comma-separated list of allowed destination hostnames and the firewall will take care of the rest. See the brief video demos for how straightforward this is.

SIMPLE DEPLOYMENT

From complete multi-zone network configurations that work with a single click and have sane defaults, to DIY instance deployments so you can configure the networking around it, we have all templates ready to go in our CloudFormation library for AWS and as a Deployment Manager template for Google Cloud.

ENCRYPTION STANDARDS & COMPLIANCE

A Deep Packet Inspection firewall can help you reach compliance standards by limiting the egress routes of your network to only allowed destinations. What's more, is the discrimiNAT firewall enforces the use of contemporary encryption standards such as TLS 1.2, TLS 1.3 and SSH v2. Anything older or insecure will be denied connection automatically.

INTEGRATED LOGGING

The firewall logs each connection allowed and disallowed straight into Stackdriver or CloudWatch with rich metadata for analysis. Again, no configuration or setup required. Just pick one of our CloudFormation templates or the Deployment Manager template, and everything is set up out of the box.

TRANSPARENT & FAST

A Deep Packet Inspection firewall does not require TLS termination or configuration of applications to use a proxy. This results in a significantly faster, end-to-end secure connection to the destination with no impact on component substitutability or configuration changes.