Posted On: Jul 8, 2021

Starting today, AWS Firewall Manager allows customers to centrally monitor route configurations for AWS Network Firewall and get alerts on routes that are non-compliant with their configuration. With this launch, customers can now monitor VPC routes to ensure traffic egressing through an Internet Gateway (IGW) is inspected by the Network Firewall deployed by Firewall Manager in each VPC. Customers get alerted on non-compliant route configurations, such as routes that bypass firewall inspection or routes that lead to asymmetric traffic, and get suggestions to remediate the routes.

To get started, you can use the same Firewall Manager security policy you use for configuring AWS Network Firewall today through the Firewall Manager console or API. Once you have identified the rules to deploy and the accounts and VPCs to deploy the firewalls in, you can choose to monitor VPC routes that are relevant to the Network Firewalls and the VPCs where they are deployed. Once the policy is configured, Firewall Manager will monitor routes between subnets and the IGW for every VPC where Network Firewall is deployed. From there, Firewall Manager will automatically surface any VPC routes and route tables that are non-compliant with your intended configuration. At the same time, you will also get suggestions to remediate the route configurations to bring them into compliance. Firewall Manager will also monitor routes for new VPCs and accounts, or changes to existing routes, and alert you on any non-compliant route configurations.
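To make the two route problems concrete, the following is an added illustrative check (not Firewall Manager's own logic) over constructed route tables: a protected subnet whose default route targets the IGW directly is a bypass, and a subnet whose egress goes through the firewall endpoint but whose return path in the IGW ingress route table does not is asymmetric. Route table and target identifiers (`rtb-…`, `vpce-fw`, `igw-main`) are assumed sample values.

```python
# Illustrative compliance check for VPC routes around a Network Firewall deployment.
# Added example, NOT Firewall Manager's own logic; the route tables below are constructed.
from dataclasses import dataclass, field

@dataclass
class RouteTable:
    rt_id: str
    routes: dict                   # destination CIDR -> target id
    subnet_cidrs: list = field(default_factory=list)  # subnets associated with this table
    igw_ingress: bool = False      # edge association: routes traffic arriving from the IGW
    firewall_subnet: bool = False  # hosts the firewall endpoint, so a direct IGW route is expected

def is_firewall_endpoint(target):
    # Network Firewall endpoints appear in route tables as VPC endpoints (vpce-...).
    return target.startswith("vpce-")

def check_vpc_routes(tables):
    """Return (route_table_id, finding, suggestion) for each non-compliant route."""
    findings = []
    ingress = {}
    for t in tables:
        if t.igw_ingress:
            ingress.update(t.routes)   # IGW -> subnet return path (exact-CIDR match only)
    for rt in tables:
        if rt.igw_ingress or rt.firewall_subnet:
            continue
        egress = rt.routes.get("0.0.0.0/0")
        if egress is None:
            continue
        if egress.startswith("igw-"):
            # Egress goes straight to the IGW and is never inspected.
            findings.append((rt.rt_id, "bypass",
                             "point 0.0.0.0/0 at the firewall endpoint instead of the IGW"))
            continue
        if is_firewall_endpoint(egress):
            # Egress is inspected; the return path from the IGW must also hit the firewall.
            for cidr in rt.subnet_cidrs:
                back = ingress.get(cidr)
                if back is None or not is_firewall_endpoint(back):
                    findings.append((rt.rt_id, "asymmetric",
                                     f"route {cidr} to the firewall endpoint in the IGW ingress table"))
    return findings

SAMPLE = [  # constructed route tables for one VPC
    RouteTable("rtb-protected", {"10.0.0.0/16": "local", "0.0.0.0/0": "vpce-fw"}, ["10.0.1.0/24", "10.0.2.0/24"]),
    RouteTable("rtb-bypass", {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-main"}, ["10.0.3.0/24"]),
    RouteTable("rtb-firewall", {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-main"}, ["10.0.9.0/24"], firewall_subnet=True),
    RouteTable("rtb-igw-ingress", {"10.0.1.0/24": "vpce-fw"}, igw_ingress=True),
]

if __name__ == "__main__":
    for finding in check_vpc_routes(SAMPLE):
        print(finding)
```

Running it reports an asymmetric route for 10.0.2.0/24 (missing from the IGW ingress table) and a bypass for rtb-bypass, while the firewall's own subnet table is correctly left alone.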

Firewall Manager is a security management service that allows customers to centrally configure and deploy firewall rules across accounts and resources in their organization. With Firewall Manager customers can deploy and monitor rules for AWS WAF, AWS Shield Advanced, VPC security groups, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall across their entire organization. Firewall Manager ensures that all firewall rules are consistently enforced, even as new accounts and resources are created.

To learn more about the feature, see the documentation. For more details on the service and region availability, please visit the service website and the AWS Region Table.