📘 Case Study
Optimizing Global Cloud Connectivity with AWS Cloud WAN, Palo Alto NGFW & Zscaler
👤 Client Profile
A global financial enterprise with operations spanning 10+ AWS regions, 100+ AWS accounts, and 300+ VPCs. It faced growing complexity from decentralized architectures, inconsistent security enforcement, and costly VPC peering sprawl across business units.
⚠️ Challenges
• Excessive VPC peering creating high operational overhead and routing complexity
• Fragmented security policies across AWS regions risking compliance gaps
• No centralized architecture to manage global cloud connectivity at scale
• Limited visibility into inter-region traffic flows and inefficient egress strategy
• Manual provisioning and inconsistent deployment models across environments
✅ Solutions Delivered
• Designed and implemented a global AWS Cloud WAN architecture for scalable, segmented multi-region connectivity
• Integrated AWS Transit Gateways (TGWs) with Cloud WAN to enforce traffic segmentation, multi-tenancy, and centralized policy routing
• Deployed Palo Alto VM-Series NGFWs with Gateway Load Balancer (GWLB) for inline, region-wide security inspection
• Integrated Zscaler Cloud Connectors to offload internet-bound traffic securely and eliminate direct-to-internet exposure
• Automated infrastructure deployment using Terraform to provision VPCs, Cloud WAN attachments, GWLBs, and security policies
🚀 Results & Impact
🌐 Reduced VPC peering connections by 70%, cutting down route table complexity and cross-region traffic duplication
🛡️ Centralized firewall enforcement across AWS regions with Palo Alto NGFWs + GWLB, improving security posture and compliance
⚡ Accelerated provisioning cycles by 90% through Terraform automation and standardized templates
📉 Lowered inter-region data transfer costs using optimized Cloud WAN pricing and centralized transit routing
☁️ Improved visibility and control over global cloud connectivity, with clear segmentation and routing domains by environment and business unit
🔒 Delivered secure, policy-based internet egress via Zscaler connectors for SaaS and public cloud access
🛠️ Technologies Used
• AWS Cloud WAN
• AWS Transit Gateway (TGW)
• Palo Alto NGFW (VM-Series) + Gateway Load Balancer (GWLB)
• Zscaler Cloud Connectors
• AWS Elastic Load Balancer (ELB)
• AWS VPC
• Terraform (IaC)