Filter network traffic using AWS Network Firewall
You can filter network traffic at the perimeter of your VPC using AWS Network Firewall. Network Firewall is a stateful, managed network firewall and intrusion detection and prevention service. For more information, see the AWS Network Firewall Developer Guide.
You implement Network Firewall with the following AWS resources.
| Network Firewall resource | Description |
|---|---|
| Firewall | A firewall connects a firewall policy's network traffic filtering behavior to the VPC that you want to protect. The firewall configuration includes specifications for the Availability Zones and subnets where the firewall endpoints are placed. It also defines high-level settings like the firewall logging configuration and tagging on the AWS firewall resource. For more information, see Firewalls in AWS Network Firewall. |
| Firewall policy | A firewall policy defines the monitoring and protection behavior for a firewall. The details of the behavior are defined in the rule groups that you add to your policy, and in some policy default settings. To use a firewall policy, you associate it with one or more firewalls. For more information, see Firewall policies in AWS Network Firewall. |
| Rule group | A rule group is a reusable set of criteria for inspecting and handling network traffic. You add one or more rule groups to a firewall policy as part of your policy configuration. You can define stateless rule groups to inspect each network packet in isolation. Stateless rule groups are similar in behavior and use to Amazon VPC network access control lists (ACLs). You can also define stateful rule groups to inspect packets in the context of their traffic flow. Stateful rule groups are similar in behavior and use to Amazon VPC security groups. For more information, see Rule groups in AWS Network Firewall. |
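As an added illustration of how the three resources fit together (this template is not from the AWS guide), the CloudFormation fragment below declares a stateful rule group, references it from a firewall policy, attaches the policy to a VPC through a firewall, and enables alert logging. The VPC and subnet IDs are parameters you supply; the rule, resource names and log group name are made-up values.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Example chain of Network Firewall resources (rule group -> policy -> firewall)

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id          # the VPC to protect
  FirewallSubnetId:
    Type: AWS::EC2::Subnet::Id       # dedicated subnet that hosts the firewall endpoint

Resources:
  # Stateful rule group: packets are inspected in the context of their flow
  BlockTelnetRuleGroup:
    Type: AWS::NetworkFirewall::RuleGroup
    Properties:
      RuleGroupName: example-block-outbound-telnet   # made-up name
      Type: STATEFUL
      Capacity: 100
      RuleGroup:
        RulesSource:
          # Suricata-compatible rule: drop outbound TCP/23 from the VPC ($HOME_NET)
          RulesString: |
            drop tcp $HOME_NET any -> $EXTERNAL_NET 23 (msg:"outbound telnet blocked"; sid:1000001; rev:1;)

  # Firewall policy: wires rule groups together and sets the stateless default actions
  ExamplePolicy:
    Type: AWS::NetworkFirewall::FirewallPolicy
    Properties:
      FirewallPolicyName: example-policy
      FirewallPolicy:
        StatelessDefaultActions:
          - aws:forward_to_sfe      # hand unmatched packets to the stateful engine
        StatelessFragmentDefaultActions:
          - aws:forward_to_sfe
        StatefulRuleGroupReferences:
          - ResourceArn: !Ref BlockTelnetRuleGroup   # Ref returns the rule group ARN

  # Firewall: binds the policy to the VPC and places an endpoint in the subnet
  ExampleFirewall:
    Type: AWS::NetworkFirewall::Firewall
    Properties:
      FirewallName: example-firewall
      FirewallPolicyArn: !Ref ExamplePolicy
      VpcId: !Ref VpcId
      SubnetMappings:
        - SubnetId: !Ref FirewallSubnetId
      DeleteProtection: true                  # guard against accidental removal
      FirewallPolicyChangeProtection: true
      SubnetChangeProtection: true

  # Logging is configured on a separate resource bound to the firewall
  ExampleLogging:
    Type: AWS::NetworkFirewall::LoggingConfiguration
    Properties:
      FirewallArn: !Ref ExampleFirewall
      LoggingConfiguration:
        LogDestinationConfigs:
          - LogType: ALERT                     # records matches on drop/alert rules
            LogDestinationType: CloudWatchLogs
            LogDestination:
              logGroup: /example/network-firewall/alerts   # made-up log group name
```

Route traffic through the firewall endpoint by updating the VPC route tables; the template only creates the resources.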
You can also use AWS Firewall Manager to centrally configure and manage Network Firewall resources across your accounts and applications in AWS Organizations. You can manage firewalls for multiple accounts using a single account in Firewall Manager. For more information, see AWS Firewall Manager in the AWS WAF, AWS Firewall Manager, and AWS Shield Advanced Developer Guide.