In the area of networking, Egress refers to traffic that quits an entity or a network border, whereas Ingress refers to traffic that enters a network barrier. While this is quite obvious in service provider networks, it is significantly different in datacenter or cloud networks. In the cloud, Egress still refers to traffic leaving the private network and entering the public internet, but Ingress refers to something slightly different. To be clear, private networks relate to resources within the network border of a data center or cloud environment, and its IP space is totally under the control of the company that manages it.
Because traffic in and out of a private network, such as the cloud, is frequently translated via NAT, a response back from a public endpoint to a request originated within the private network is not considered Ingress. Suppose a request is sent from the private network to a public IP address. In that case, the public server/endpoint answers with a port number specified in the request, and the firewall accepts the connection since it is aware of an established session based on that port number.
Egress:
Let’s define Ingress now that Egress is out of the way. As you may have guessed, Ingress refers to uninvited traffic delivered from a public internet address to a private network; it is not a response to a request initiated by an inside system. Firewalls are designed to reject this request unless a specified policy and configuration enable ingress connections.
