Manages 3rd party security appliances in AWS (firewalls, IDS/IPS, packet inspection tools)

Gateway Load Balancer forces all traffic to pass through security appliances that check if the traffic is safe or malicious.

Think of it like a security checkpoint at an airport - every passenger (traffic) must go through security screening (appliances like firewalls/IDS) before boarding the plane (reaching your application).

The security appliances can:

• Block malicious traffic
• Detect intrusions
• Inspect packets for threats
• Filter out attacks

How It Works

• Layer 3 operation (IP packet level)
• GENEVE protocol on port 6081
• Combines gateway + load balancer functions

Traffic Flow

Key Point: All traffic MUST pass through the GWLB for inspection before reaching the application

Target Group Options

Option 1: EC2 Instances

• Identified by instance IDs
• Example: i-123456789abcdef0

Option 2: IP Addresses

• Must be private IPs only
• Example: 192.168.1.118, 10.0.4.21

Main Functions

1. Transparent Gateway
   • Single entry/exit point for all traffic
   • Traffic flows through without being aware
2. Load Balancer
   • Distributes traffic across multiple security appliances
   • Ensures high availability and scalability

Use Cases