VPN Connectivity - On-Prem to AWS DRIV2
About This Architecture
This hybrid VPN architecture connects the on-premises KTIO data sources (CTS, HMI, Agilion, Hastus) to the AWS DRIV2 production environment through a Palo Alto VPN gateway and an AWS Transit Gateway. Traffic flows from on-prem through the Customer Gateway to the Transit Gateway, is inspected by AWS Network Firewall in a centralized inspection VPC, and is then routed to the spoke account VPC (10.207.192.0/22), which uses a three-tier subnet design. This hub-and-spoke topology demonstrates AWS best practices for centralized network security inspection and multi-account VPC connectivity. Fork this diagram on Diagrams.so to customize IP ranges, add spoke VPCs, or adapt the firewall rules for your hybrid cloud architecture. Download it as .drawio, .svg, or .png for network documentation and change management workflows.
People also ask
How do I design a secure hybrid VPN architecture with AWS Transit Gateway and centralized firewall inspection for multiple AWS accounts?
Use AWS Transit Gateway as the hub to connect on-premises VPN (via Customer Gateway) to multiple spoke VPCs. Route all traffic through a dedicated inspection VPC with AWS Network Firewall for centralized security policy enforcement before reaching spoke account workloads. This diagram shows the complete topology with IP addressing and data flow.
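One way to verify that the Transit Gateway routing really forces every flow through the inspection VPC, as an added example that is not part of the diagram or of Diagrams.so: a small Python model of the two route tables this pattern relies on (an "edge" table associated with the VPN and spoke attachments, and a "post-inspection" table associated with the firewall VPC attachment) with longest-prefix lookup, plus a check that flags a route that would bypass the firewall. The spoke VPC 10.207.192.0/22 is from the diagram; the on-prem range, attachment names and table names are assumptions.

```python
import ipaddress

# Constructed addressing: the spoke VPC 10.207.192.0/22 is from the diagram;
# the on-prem aggregate is an assumption for this model.
SPOKE_VPC, ONPREM = "10.207.192.0/22", "192.168.0.0/16"

# Two TGW route tables as (prefix, next-hop attachment) lists. The VPN and spoke
# attachments are associated with "edge", whose only route points at the
# inspection VPC; the inspection attachment uses "post-inspection", which holds
# the real destinations. This split is what forces every flow through the firewall.
ROUTE_TABLES = {
    "edge": [("0.0.0.0/0", "inspection-vpc")],
    "post-inspection": [(SPOKE_VPC, "spoke-vpc"), (ONPREM, "vpn")],
}
ASSOCIATION = {"vpn": "edge", "spoke-vpc": "edge", "inspection-vpc": "post-inspection"}
TERMINAL = {"vpn", "spoke-vpc"}  # attachments that deliver rather than forward

def lookup(table, dst_ip):
    """Longest-prefix match over one route table; None means the TGW blackholes it."""
    addr, best = ipaddress.ip_address(dst_ip), None
    for prefix, nexthop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None

def trace(src_attachment, dst_ip, tables=ROUTE_TABLES):
    """Return the list of attachments a packet traverses inside the TGW."""
    path, hop = [], src_attachment
    for _ in range(8):  # bounded so a misrouted table cannot loop forever
        nexthop = lookup(tables[ASSOCIATION[hop]], dst_ip)
        path.append(nexthop or "blackhole")
        if nexthop is None or nexthop in TERMINAL:
            return path
        hop = nexthop
    return path + ["loop"]

def inspected(path):
    """True only if the flow was delivered and crossed the inspection VPC."""
    return path[-1] in TERMINAL and "inspection-vpc" in path

if __name__ == "__main__":
    print(trace("vpn", "10.207.193.10"))  # ['inspection-vpc', 'spoke-vpc']
    # A direct spoke route accidentally added to the edge table skips the firewall:
    leaky = {**ROUTE_TABLES, "edge": [(SPOKE_VPC, "spoke-vpc")] + ROUTE_TABLES["edge"]}
    print(inspected(trace("vpn", "10.207.193.10", leaky)))  # False
```

Running `inspected` over every (source attachment, destination prefix) pair you expect to allow is a cheap pre-change check before editing a TGW route table in production.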
- Domain: Networking
- Audience: AWS network architects designing hybrid cloud connectivity
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output. Fork this diagram, remix it, or download as .drawio, PNG, or SVG.