The Airwall™ relay

Routing based on identity,
not location

Routing Icon

Purpose-built for the
connected world

An overlay brokering trust

The Airwall relay routes encrypted Airwall edge service connections across all networks and transport options, without modifying the underlying network.

Secure end-to-end connectivity is now simple whether you have a Layer 2, Layer 3, or bridged L2/L3 network using Ethernet, Wi-Fi, cellular, MPLS, or radio. The Airwall relay allows the WAN and Internet to behave like one local broadcast domain, making WAN micro-segmentation a reality.

Deploy anywhere

Deploy anywhere

Cloud

line

Amazon Web Services

Microsoft Azure

Google Cloud Platform

Virtual

line

VMware ESXi 6.0 and Above

Microsoft Hyper-V Server 2012 R2 and Above

Hardware

line

Airwall 500 - 1U Platform

Cloud

line

Amazone Web Services

Microsoft Azure

Google Cloud Platform

Virtual

line

VMware ESXi 6.0 and Above

MMicrosoft Hyper-V Server 2012 R2 and Above

Hardware

line

Conductor - 1U Platform

Reduce network attack vectors

A private identity namespace and outbound-only connections from Airwall edge services to the Airwall relay eliminate the need for expensive public IP addresses and inbound firewall rules to connect devices. Only the Airwall relay needs a public IP.

“The Airwall relay is a miracle in simplicity for secure WAN connectivity and segmentation. My team eliminated 250 inbound firewall rules, that really represented 250 open holes to my network, and replaced them with two outbound rules for Airwall edge service and Airwall Conductor access. It significantly reduced our attack surface and has made it simple to connect non-routable systems across separate campus networks in seconds. Now we don’t have to deal with IP conflicts or modify our existing network.”

Tom Walker
Facility Automation Services, Penn State University

Access based on identity - not IP Address

The Airwall relay is the only routing technology that doesn’t rely on layer 3 rules, network addresses, or traditional routing protocols to securely connect and route privately addressed systems across networks. Instead, the Airwall relay relies on verifiable cryptographic identities to determine if a WAN connection is allowed and forwards authenticated and encrypted traffic to authorized endpoints.

Reduce network complexity by eliminating connection barriers like NAT, different addressing realms, IP conflicts and complex firewall rules.

Building Automation System Policy Map
Building Automation System Policy Map

Point-and-click policy management

Airwall relay rules are point-and-click simple. Simply select a device or a group of devices to connect and then specify the Airwall relay you want them to use. The result is peer-to-peer connectivity across layer 2 and layer 3 networks that transforms the WAN or public Internet into your own private, cloaked, and encrypted LAN.

Fast, simple, and predictable network provisioning

line

Site-to-site VPNs are often used to securely connect separate networks. But VPNs are complex, inflexible and only secure connections to the network perimeter exposing internal resources after connectivity is terminated and forwarded.

By moving both the network boundary and security perimeter from the network edge to Airwall edge services in front of or on the hosts themselves, secure end-to-end connectivity and rapid provisioning are now possible. Creating overlay networks via the Airwall relay eliminates the need to configure a complex and insecure chain of network and security policies between two or more endpoints.

Fast, simple, and predictable
network provisioning

line

Site-to-site VPNs are often used to securely connect separate networks. But VPNs are complex, inflexible and only secure connections to the network perimeter exposing internal resources after connectivity is terminated and forwarded.

By moving both the network boundary and security perimeter from the network edge to Airwall edge services in front of or on the hosts themselves, secure end-to-end connectivity and rapid provisioning are now possible. Creating overlay networks via the Airwall relay eliminates the need to configure a complex and insecure chain of network and security policies between two or more endpoints.

Secure segmented access without VPNs

line

You can now easily give employees, contractors, and vendors granular remote access to your network and resources as an alternative to traditional VPN-based access. Through the point-and-click UI, you can now add and revoke access in one click.

Add or revoke vendor access with the click of a mouse

line

Need to give remote access to a technician to troubleshoot your HVAC system, and nothing else? No problem. With a click of the mouse, authenticated peer-to-peer sessions are established through the Airwall relay and can be disabled or revoked just as quickly.

Add or revoke vendor access
with the click of a mouse

line

Need to give remote access to a technician to troubleshoot your HVAC system, and nothing else? No problem. With a click of the mouse, authenticated peer-to-peer sessions are established through the Airwall relay and can be disabled or revoked just as quickly.

Use any transport and failover anywhere

line

Our customers have created overlay networks that securely connect privately addressed devices on separate cellular networks to non-routable instances in their data center. They subsequently create failover policy to private instances in separate clouds, all without modifying existing infrastructure. These overlay networks replace the cost and management overhead of internal firewalls and VPNs while significantly reducing the complexity of ACLs, perimeter firewall rules, and VLAN management, cutting IT costs by as much as fifty percent.