AWS Network Firewall is a stateful managed network firewall service for VPCs that simplifies network traffic filtering and protection, providing network threat protection with IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) capabilities.
Technical Specs: Operates at Layer 3/4 (network and transport layers).
AWS Network Firewall offers granular control over network traffic, allowing for deep inspection and policy enforcement.
AWS Network Firewall operates at the perimeter of networks, for example on VPC-to-VPC connections, at internet gateways, and at virtual private gateways used for VPN connections.
Traffic inspection and filtering are based on IP addresses, ports, protocols, domain names, and regex patterns.
It works for any flow type, including egress, ingress, and VPC-to-VPC traffic.
Subnet route tables direct traffic to firewall endpoints, where it is evaluated against the configured rules. Available rule actions include block, allow, and count.
AWS Network Firewall can be centrally configured and managed by AWS Firewall Manager for consistent security policies across an organization. AWS Firewall Manager provides centralized management of firewall rules across your organization, including WAF rules, Network Firewall rules, and security groups.
While AWS Network Firewall is a native AWS service, the Gateway Load Balancer is designed for integrating third-party virtual firewall appliances.
The Gateway Load Balancer (GWLB) inserts third-party virtual appliances into the traffic path, automatically distributing traffic across them, scaling them, and maintaining flow stickiness so that both directions of a flow reach the same appliance. GWLB endpoints allow transparent redirection of traffic.
Technical Specs: Operates at Layer 3; encapsulates traffic with the GENEVE protocol on UDP port 6081.
To integrate a third-party virtual firewall appliance for traffic inspection, deploy a Gateway Load Balancer (GWLB) in an inspection VPC. Then create a Gateway Load Balancer endpoint in the application VPC to redirect traffic to the appliance in the inspection VPC.
Glossary
Stateful Firewall
A firewall that tracks the state of active connections and uses this information to decide which network packets to allow through.
IDS (Intrusion Detection System)
A security tool that monitors a network or systems for malicious activity or policy violations and alerts administrators.
IPS (Intrusion Prevention System)
A network security device that monitors network and/or system activity for malicious or unwanted behavior and can react by blocking or preventing that activity.
VPC (Virtual Private Cloud)
A logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
Gateway Load Balancer (GWLB)
A Layer 3 load balancer specifically designed for deploying and managing virtual appliances, like firewalls, and routing traffic to them.
AWS Firewall Manager
A service that allows you to centrally configure and manage firewall rules across your AWS accounts and applications in AWS Organizations.