Enabling host protection prevents unauthorized incoming connections to the host and minimizes an attacker's lateral movement after they gain access.
By default, Aporeto recognizes only containers on the host as processing units. After enabling host protection, Aporeto recognizes the host as a processing unit. This allows you to control and monitor communications to and from the host itself, not just its containers.
Aporeto denies all traffic by default. You must whitelist the necessary traffic before enabling host protection. Otherwise, you will lose access to your host.
To avoid interruptions in access or service, follow the guidance in this section in sequence.