
Network Firewall

MEDIUM Domain 1: Design Secure Architectures

AWS Network Firewall is a stateful managed network firewall service for Amazon Virtual Private Clouds (VPCs), providing network threat protection with Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) capabilities, operating at Layer 3/4. It can be centrally managed by AWS Firewall Manager, allowing for rule configuration and traffic inspection.

Learning Objectives

  • Understand the core definition and operational layer of AWS Network Firewall.
  • Identify the key features and traffic inspection capabilities of AWS Network Firewall.
  • Recognize how AWS Network Firewall integrates with other AWS security services.
  • Differentiate AWS Network Firewall from other firewall-related services like WAF and Gateway Load Balancer.

Introduction to AWS Network Firewall

AWS Network Firewall is a managed service designed to simplify network traffic filtering and protection within your VPCs.

  • AWS Network Firewall is a stateful managed network firewall service for VPCs, providing network threat protection with IDS/IPS.
  • AWS Network Firewall operates at Layer 3/4.
  • Technical Specs: Layer 3/4
  • It is a stateful managed network firewall with IDS (Intrusion Detection System) and IPS (Intrusion Prevention System).

Features and Traffic Management

AWS Network Firewall offers granular control over network traffic, allowing for deep inspection and policy enforcement.

  • AWS Network Firewall operates at the perimeter of networks, such as VPC-to-VPC connections, internet gateways, and virtual gateways for VPNs.
  • Traffic inspection and filtering are based on IPs, ports, protocols, domain names, and regex patterns.
  • It works for any flow type, including egress, ingress, and VPC-to-VPC traffic.
  • Subnet route tables send traffic to the firewall endpoints, where it is evaluated against the configured rules. Available actions include block, allow, and count.
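The following Terraform configuration is an added example, not code from the page or from AWS; it shows the rule types described above (a domain-name allowlist for egress plus 5-tuple rules on IPs, ports and protocols) wired into a firewall policy and a firewall, with alert logging so that drops are visible to the SOC. Every identifier, CIDR and domain is an assumption or placeholder. The policy uses strict rule order with `aws:drop_established` as the default, which is the setting that lets the TCP handshake reach the engine so the TLS SNI or HTTP Host can be inspected before a flow is dropped; a plain `aws:drop_strict` default would drop the handshake before the domain is ever seen.

```hcl
# Added example (not the page's or AWS's own code). All IDs, CIDRs and
# domains are placeholders or assumptions; replace them for your VPC.

variable "vpc_id"             { default = "vpc-0123456789abcdef0" }    # placeholder
variable "firewall_subnet_id" { default = "subnet-0123456789abcdef0" } # placeholder

# Stateful rule group 1: domain-name allowlist. Generates pass rules for the
# listed domains (matched on the HTTP Host header or TLS SNI) and drops
# HTTP/TLS to any other domain.
resource "aws_networkfirewall_rule_group" "egress_domains" {
  name     = "egress-domain-allowlist"
  type     = "STATEFUL"
  capacity = 100

  rule_group {
    rule_variables {
      ip_sets {
        key = "HOME_NET"
        ip_set { definition = ["10.0.0.0/16"] } # assumed VPC CIDR
      }
    }
    rules_source {
      rules_source_list {
        generated_rules_type = "ALLOWLIST"
        target_types         = ["HTTP_HOST", "TLS_SNI"]
        targets              = [".example.com", "updates.example.net"] # assumed
      }
    }
    stateful_rule_options { rule_order = "STRICT_ORDER" }
  }
}

# Stateful rule group 2: 5-tuple rules in Suricata syntax (IP, port, protocol).
resource "aws_networkfirewall_rule_group" "five_tuple" {
  name     = "egress-five-tuple"
  type     = "STATEFUL"
  capacity = 50

  rule_group {
    rules_source {
      rules_string = <<-EOT
        pass udp $HOME_NET any -> 10.0.0.2 53 (msg:"DNS to the VPC resolver"; sid:1000001; rev:1;)
        drop tcp $HOME_NET any -> any 22 (msg:"Outbound SSH from VPC blocked"; sid:1000002; rev:1;)
      EOT
    }
    stateful_rule_options { rule_order = "STRICT_ORDER" }
  }
}

# Firewall policy: stateless layer forwards everything to the stateful engine;
# stateful engine evaluates groups in priority order, then applies the default.
resource "aws_networkfirewall_firewall_policy" "egress" {
  name = "egress-policy"

  firewall_policy {
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:forward_to_sfe"]

    stateful_engine_options { rule_order = "STRICT_ORDER" }
    # drop_established: let the handshake through so SNI/Host can be inspected,
    # then drop anything no pass rule matched; alert_established logs the drop.
    stateful_default_actions = ["aws:drop_established", "aws:alert_established"]

    stateful_rule_group_reference {
      priority     = 10
      resource_arn = aws_networkfirewall_rule_group.five_tuple.arn
    }
    stateful_rule_group_reference {
      priority     = 20
      resource_arn = aws_networkfirewall_rule_group.egress_domains.arn
    }
  }
}

# The firewall itself, with one endpoint in the dedicated firewall subnet.
resource "aws_networkfirewall_firewall" "egress" {
  name                = "egress-firewall"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.egress.arn
  vpc_id              = var.vpc_id

  subnet_mapping { subnet_id = var.firewall_subnet_id }
}

# Send alert logs (drops and alert rule hits) to CloudWatch Logs for detection.
resource "aws_cloudwatch_log_group" "nfw_alerts" {
  name              = "/aws/network-firewall/egress-alerts" # assumed name
  retention_in_days = 90
}

resource "aws_networkfirewall_logging_configuration" "egress" {
  firewall_arn = aws_networkfirewall_firewall.egress.arn

  logging_configuration {
    log_destination_config {
      log_destination      = { logGroup = aws_cloudwatch_log_group.nfw_alerts.name }
      log_destination_type = "CloudWatchLogs"
      log_type             = "ALERT"
    }
  }
}
```

The firewall only inspects traffic that is routed to it: the workload subnets' route table needs a default route to the firewall endpoint (its ID is exposed in the firewall resource's status attributes after creation), and the internet gateway needs an edge route table sending return traffic for the workload CIDR back through the same endpoint. Without both routes the rules above evaluate nothing, which is worth verifying with a test flow and the ALERT log after deployment.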

Integration with AWS Firewall Manager

AWS Network Firewall can be centrally managed across an organization for consistent security policies.

AWS Network Firewall can be centrally configured and managed by AWS Firewall Manager. AWS Firewall Manager allows centralized management of firewall rules across your organization, including WAF rules, Network Firewall rules, and security groups.

Related Concepts: Gateway Load Balancer for Firewall Appliances

While AWS Network Firewall is a native service, the Gateway Load Balancer is designed for integrating third-party virtual firewall appliances.

  • The Gateway Load Balancer (GWLB) is designed for inserting third-party virtual appliances, automatically distributing traffic, scaling, and maintaining flow stickiness. GWLB endpoints allow transparent redirection of traffic.
  • Technical Specs: Operates at Layer 3; supports GENEVE protocol on port 6081
  • To integrate a third-party virtual firewall appliance for traffic inspection, deploy a Gateway Load Balancer (GWLB) in an inspection VPC. Then, create a Gateway Load Balancer endpoint in the application VPC to redirect traffic to the appliance in the inspection VPC.
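The two-step procedure above (GWLB in an inspection VPC, GWLB endpoint in the application VPC) as an added Terraform example; it is not code from the page or from any appliance vendor. The appliance instance, VPC, subnet and route-table IDs and the consumer account number are placeholders. The target group uses the GENEVE protocol on port 6081 named in the specs, and the endpoint is exposed to the application VPC through a VPC endpoint service, so the application VPC never needs routes into the inspection VPC itself.

```hcl
# Added example (not the page's or a vendor's code). All IDs are placeholders.

variable "inspection_vpc_id"       { default = "vpc-0inspect000000000" }    # placeholder
variable "inspection_subnet_id"    { default = "subnet-0inspect00000000" }  # placeholder
variable "appliance_instance_id"   { default = "i-0appliance00000000" }     # placeholder
variable "app_vpc_id"              { default = "vpc-0app0000000000000" }    # placeholder
variable "app_endpoint_subnet_id"  { default = "subnet-0appendpoint0000" }  # placeholder
variable "app_route_table_id"      { default = "rtb-0appworkloads00000" }   # placeholder

# Step 1: Gateway Load Balancer in the inspection VPC.
resource "aws_lb" "inspection" {
  name               = "inspection-gwlb"
  load_balancer_type = "gateway"
  subnets            = [var.inspection_subnet_id]
}

# Appliances receive traffic encapsulated in GENEVE on UDP 6081. The health
# check must use a port the appliance actually serves; 80/HTTP is assumed here.
resource "aws_lb_target_group" "appliances" {
  name     = "firewall-appliances"
  port     = 6081
  protocol = "GENEVE"
  vpc_id   = var.inspection_vpc_id

  health_check {
    port     = 80
    protocol = "HTTP"
    path     = "/healthz" # assumed appliance health endpoint
  }
}

resource "aws_lb_target_group_attachment" "appliance" {
  target_group_arn = aws_lb_target_group.appliances.arn
  target_id        = var.appliance_instance_id
}

# A GWLB listener has no port or protocol; it forwards every flow to the group.
resource "aws_lb_listener" "inspection" {
  load_balancer_arn = aws_lb.inspection.arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.appliances.arn
  }
}

# Publish the GWLB as an endpoint service so application VPCs can consume it.
resource "aws_vpc_endpoint_service" "inspection" {
  acceptance_required        = false
  gateway_load_balancer_arns = [aws_lb.inspection.arn]
  allowed_principals         = ["arn:aws:iam::111122223333:root"] # placeholder account
}

# Step 2: Gateway Load Balancer endpoint in the application VPC.
resource "aws_vpc_endpoint" "app_to_inspection" {
  service_name      = aws_vpc_endpoint_service.inspection.service_name
  vpc_id            = var.app_vpc_id
  vpc_endpoint_type = "GatewayLoadBalancer"
  subnet_ids        = [var.app_endpoint_subnet_id]
}

# Redirect the workload subnets' outbound traffic through the endpoint. The
# appliance sees the original packets and returns them over the same flow.
resource "aws_route" "app_to_firewall" {
  route_table_id         = var.app_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  vpc_endpoint_id        = aws_vpc_endpoint.app_to_inspection.id
}
```

Because the GWLB keeps flow stickiness, both directions of a connection reach the same appliance, which is what a stateful appliance needs; for inbound traffic the application VPC's internet gateway additionally needs an edge route table pointing the workload CIDR at the endpoint so replies are inspected too. The appliance itself must decapsulate GENEVE and return the packet on the same tunnel, which is the vendor's responsibility rather than the load balancer's.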

Exam Focus

  • Differentiate AWS Network Firewall from AWS WAF: Network Firewall operates at Layer 3/4 for network traffic, while WAF operates at Layer 7 for web applications.
  • Remember that Gateway Load Balancer (GWLB) is ideal for inserting *third-party* virtual firewall appliances, providing transparent redirection and scaling.
  • AWS Network Firewall is a *managed* service for VPCs, offering IDS/IPS capabilities.

Glossary

Stateful Firewall
A firewall that monitors the state of active connections and uses this information to determine which network packets to allow through.
IDS (Intrusion Detection System)
A security tool that monitors a network or systems for malicious activity or policy violations and alerts administrators.
IPS (Intrusion Prevention System)
A network security device that monitors network and/or system activities for malicious or unwanted behavior and can react to block or prevent those activities.
VPC (Virtual Private Cloud)
A logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
Gateway Load Balancer (GWLB)
A Layer 3 load balancer specifically designed for deploying and managing virtual appliances, like firewalls, and routing traffic to them.
AWS Firewall Manager
A service that allows you to centrally configure and manage firewall rules across your AWS accounts and applications in AWS Organizations.

Key Takeaways

  • AWS Network Firewall provides stateful, managed network threat protection for VPCs at Layers 3/4, including IDS/IPS.
  • It enables filtering based on IPs, ports, protocols, domain names, and regex, supporting ingress, egress, and VPC-to-VPC traffic.
  • AWS Firewall Manager can centrally manage Network Firewall rules across an organization for consistent security policies.
  • Gateway Load Balancer (GWLB) is utilized for integrating and scaling *third-party* virtual firewall appliances transparently within a VPC environment.

Content Sources

02_AWS_Solutions_Architect_Associate_... EC2 Networking and Optimization; Amazon EC2; AWS Cloud Foundations; Security and Compliance (Chapter 4)
Extracted: 2026-01-26 11:56:21.881016
Model: gemini-2.5-flash