The guides linked to below illustrate how to configure Netskope IPSec tunnels with your AWS environment for egress traffic filtering and monitoring. This integration provides unmatched visibility and real-time data and threat protection for the traffic leaving your AWS environment. Steering your AWS egress traffic to the Netskope cloud allows you to apply full capabilities of the Netskope platform, including cloud network firewall, web content filtering, data leakage and threat protection, third-party risk protection, etc.
You can integrate your AWS environment with Netskope with the following methods:
You can establish IPSec VPN tunnels with AWS Site-to-Site VPN between your AWS virtual private gateway, which is associated with a single Amazon Virtual Private Cloud (VPC) and Netskope Points of Presence (POPs). You must repeat this implementation for each Amazon VPC from which you’d like to steer traffic to the Netskope cloud. With this option, you can stream up to 250 Mbps of bandwidth to Netskope from a single VPC.
You can establish IPSec VPN tunnels with AWS Site-to-Site VPN between your AWS Transit Gateway. This will allow you to use the same Site-to-Site VPN connection to Netskope for multiple VPCs. However, the aggregated bandwidth for the egress traffic from these VPCs are limited by 250 Mbps. You also can split your VPCs connected to the AWS Transit Gateway into a number of groups and manage traffic steering to Netskope for each group separately. In this case, you can stream up to 250 Mbps of bandwidth to the Netskope cloud for each VPC group.
For more details: