VPN CloudHub
Securely connect remote branch offices using the AWS VPN CloudHub, operating on a simple hub-and-spoke model, for primary and backup connectivity between remote offices.
Each remote site must have a unique ASN to send data to and receive data from other sites. The choice between static routing and dynamic routing for your VPN connections depends on how you want to handle failover. Both static and dynamic connectivity types use IPsec VPN tunnels. Dynamic routing uses BGP peering to exchange routes and routing priorities between AWS and the remote endpoints. Dynamic routing using Forcepoint NGFW is more flexible than dynamic routing in AWS, because AWS automatically changes BGP gateway routes when the gateway changes.