    Secure Internet Access and NAT Gateway

    Sold by: netCUBED 
    Deployed on AWS
    Free Trial
    A highly available, egress filtering proxy and NAT gateway. The gateway restricts HTTP and HTTPS egress traffic from VPC resources to a whitelisted set of hostnames (FQDN). This solution is effective where traditional IP-based firewalls fall short.

    Overview

    The Secure Internet Access Gateway is a highly available, egress filtering proxy and NAT gateway. The gateway restricts HTTP and HTTPS egress traffic from VPC resources to a whitelisted set of hostnames (FQDN). This solution is effective where traditional IP-based firewalls fall short. Access to package repositories and AWS APIs can be provided to instances in private subnets without granting them broad internet access. The gateway is ideally suited to protect your EC2 instances, AWS Workspaces and even Lambda functions from harmful internet traffic while still providing access to update servers, specific websites and services.

    The gateway can operate in explicit and transparent mode. In explicit mode, the instance needs to be provided with the gateway's proxy address. The explicit mode provides more granular control over which applications have access to the internet. In transparent mode, the gateway is added to the subnet's route table, allowing traffic to be filtered on its way out to the internet. No changes to applications on EC2 instances are necessary. The transparent mode is useful in scenarios where an application does not provide an option to define a proxy.

    The Secure Internet Access Gateway is powered by the AWS Network Load Balancer (NLB). The gateway can therefore easily be shared with other VPCs in the same region using the VPC PrivateLink feature. Please note that only explicit mode is available when using PrivateLink.

    Highlights

    • HIGH AVAILABILITY | The gateway can easily be deployed in multiple availability zones for redundancy.
    • TRANSPARENT PROXY | Optionally filters traffic in transit without explicit proxy configuration.
    • FILTER BY HOSTNAME | Control egress traffic by destination hostname instead of IP address.

    Details

    Delivery method

    Delivery option
    New VPC Deployment
    Existing VPC Deployment
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    AmazonLinux 2

    Pricing

    Free trial

    Try this product free for 5 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (62)

    Dimension                 Cost/hour
    c5.large (Recommended)    $0.073
    t3.xlarge                 $0.123
    t2.xlarge                 $0.123
    r5a.xlarge                $0.163
    m4.4xlarge                $0.43
    r5.24xlarge               $2.158
    r5.large                  $0.097
    m5.4xlarge                $0.414
    t2.small                  $0.042
    r4.16xlarge               $2.158

    Vendor refund policy

    We do not currently support refunds, but you can cancel at any time.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes
    • Migrated to Amazon Linux 2
    • Upgraded Squid to version 4.7
    • Implemented improvements to transparent proxy behavior
    • Added support for VPC Endpoint Services which allows you to share one Gateway with any number of VPCs

    Additional details

    Usage instructions

    This solution is best deployed through CloudFormation templates. CloudFormation is an Infrastructure as Code (IaC) service provided by AWS which makes it fast and easy to set up complex cloud infrastructures.

    The CloudFormation template will output the hostname of the Network Load Balancer (NLB) under Outputs, ProxyAddress. The port for the HTTP proxy is always 3128. On most Linux systems it is sufficient to set the http_proxy and https_proxy environment variables. The majority of client applications will pick up these variables and configure themselves accordingly.

    Please find detailed instructions at http://netcubed-ami.s3-website-us-east-1.amazonaws.com/sinac/v1.0.0/#configuring-applications-to-use-the-proxy 

    Support

    Vendor support

    For paid support, email sales@netcubed.de for further information. Free support is provided via support@netcubed.de. For free support, we do not provide a guaranteed response time; however, we do our best to respond to questions within 24 hours, Monday through Friday.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 100 in Network Infrastructure, Security
    Top 50 in Network Infrastructure, Security

    Overview

    AI generated from product descriptions

    Network Traffic Filtering: "Restricts HTTP and HTTPS egress traffic from VPC resources to a whitelisted set of hostnames (FQDN)"
    Proxy Operation Mode: "Supports both explicit and transparent proxy modes for flexible network traffic control"
    Network Load Balancing: "Powered by AWS Network Load Balancer for distributing and managing network traffic"
    Access Control Mechanism: "Provides granular control over internet access for EC2 instances, AWS Workspaces, and Lambda functions"
    Traffic Routing Strategy: "Enables internet access to package repositories and AWS APIs for instances in private subnets without broad internet exposure"

    Network Traffic Filtering: Transparent proxy-less NAT Gateway alternative for filtering egress traffic by Fully Qualified Domain Names (FQDNs) in a VPC
    DNS Spoofing Prevention: Conducts out-of-band DNS lookups to prevent TLS SNI spoofing and log potential supply-chain malware attempts
    Traffic Monitoring: Supports monitor mode for logging egress traffic without blocking, with ability to extract accessed FQDNs via CloudWatch queries
    High Availability Architecture: Runs with load-balancing and auto-scaling capabilities within VPC using AWS Gateway Load Balancing Partner framework
    Compliance and Security Hardening: Hardened to CIS benchmarks, supports compliance with PCI DSS v4.0 and NIST SP 800-53 security controls, with quarterly critical OS updates

    Network Address Translation: Provides outbound source and port NAT-ing with ability to limit outbound NAT to specific ports or destination addresses
    Firewall Capabilities: Includes integrated firewall functions for controlling and securing network traffic
    Plugin Support: Supports plugins for additional security features like outbound Web Application Firewall (WAF) and URL filtering
    Network Routing: Configurable routing with support for setting 0.0.0.0/0 routes to VPC internet gateway
    Remote Administration: Enables one remote VPN user connection for secure administrative access

    Contract

    Standard contract
    No
    No

    Customer reviews

    Ratings and reviews

    0 ratings
    0 AWS reviews
    No customer reviews yet