Palo Alto Encryption Over Layer 2 Cloud Interconnect for AWS


Executive Summary:

As a result of this engagement, you will have a highly available, secure implementation of an IPSec tunnel over your existing AWS Direct Connect, using Palo Alto Next-Generation Firewalls to terminate the tunnels on the cloud side. The engagement will also set up a VPN failover. This project will allow for enforced end-to-end traffic encryption between sites in your hybrid cloud environment.

Offering Description:

Vandis will work with your network and security teams to integrate Palo Alto Next-Generation Firewalls as a highly available VPN endpoint in a single region of AWS. We will assist with the design and configuration of the subnets, gateways, NSGs, and Route Tables and deliver them in the VPC.

Throughout the engagement, your organization will work with the Vandis Engineering team to understand your security needs and goals. Vandis will also make recommendations on other solutions that may help achieve your cloud goals.


  • Cloud Design Session
    • Discuss Cloud Goals
    • Discuss underlying Cloud Governance
    • Discovery of existing environment
  • Palo Alto Next-Generation Firewall Deployment:
    • VPC topology and address space allocation
    • Subnet and network segmentation
    • Gateway Objects
    • Route Tables
    • Network Security Groups/NACLs
    • Load Balancers
    • Integration of Palo Alto Next-Generation Firewalls into the VPC
      • Integration into existing Panorama (if applicable)
      • External VPN set up
  • Cloud Connectivity Set Up
    • Cloud Connectivity Checklist Review
    • Cloud Connectivity Circuit (Direct Connect) Set Up (if applicable)
    • Encryption over the Cloud Connectivity Circuit
  • Palo Alto Next-Generation Firewall Design
    • Cloud Templates
    • Architectural Design Document

 View Offering in AWS Marketplace

For additional information, please reach out to 516-281-2200 or
