AWS Network Firewall now supports configurable TCP idle timeout

Posted on: Oct 30, 2024

AWS Network Firewall is launching a new capability that allows you to change the TCP idle timeout value of AWS Network Firewall and align it with your applications' TCP idle timeout value. Using this capability, your AWS Network Firewall can perform uninterrupted stateful inspection of applications that use long-lived flows, such as financial applications, databases and ERP systems.

Prior to this launch, the TCP idle timeout was a fixed value of 350 seconds, which could interrupt the long-lived flows of some applications. With this launch, you have the flexibility to configure the AWS Network Firewall TCP idle timeout to any value between 60 and 6000 seconds, with the default remaining at 350 seconds for backward compatibility.

AWS Network Firewall is a managed firewall service that makes it easy to deploy essential network protections for all your Amazon VPCs. TCP idle timeout configuration is supported in all AWS Regions where AWS Network Firewall is available today, including the AWS GovCloud (US) Regions. For more information about the AWS Regions where AWS Network Firewall is available, see the AWS Region table. You can configure the TCP idle timeout on AWS Network Firewall using the AWS Management Console, AWS CLI, AWS SDK, or the AWS Network Firewall API.
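The setting lives in the firewall policy document, under `StatefulEngineOptions.FlowTimeouts.TcpIdleTimeoutSeconds`. The following Python is an added example, not AWS code: it validates the documented 60 to 6000 second range before the policy is sent to the API, derives a value that outlasts an application's own idle interval (the 20% headroom is an assumption for illustration), and shows the describe/update-token flow only as a comment, since applying the change needs AWS credentials. The sample policy is constructed.

```python
"""Set the TCP idle timeout on an AWS Network Firewall policy document.

Added example, not code from AWS. Field names follow the Network Firewall
FirewallPolicy API (StatefulEngineOptions.FlowTimeouts.TcpIdleTimeoutSeconds);
the sample policy and the 20% headroom below are constructed assumptions.
"""
import copy
import json
import math

TCP_IDLE_MIN = 60        # documented minimum, seconds
TCP_IDLE_MAX = 6000      # documented maximum, seconds
TCP_IDLE_DEFAULT = 350   # value used when FlowTimeouts is absent


def set_tcp_idle_timeout(policy: dict, seconds: int) -> dict:
    """Return a copy of `policy` with TcpIdleTimeoutSeconds set.

    The range check rejects a bad value locally instead of letting the
    UpdateFirewallPolicy call fail; the original dict is left untouched.
    """
    if isinstance(seconds, bool) or not isinstance(seconds, int):
        raise TypeError("seconds must be an int")
    if not TCP_IDLE_MIN <= seconds <= TCP_IDLE_MAX:
        raise ValueError(
            f"TCP idle timeout must be between {TCP_IDLE_MIN} and "
            f"{TCP_IDLE_MAX} seconds, got {seconds}"
        )
    updated = copy.deepcopy(policy)
    engine = updated.setdefault("StatefulEngineOptions", {})
    engine.setdefault("FlowTimeouts", {})["TcpIdleTimeoutSeconds"] = seconds
    return updated


def get_tcp_idle_timeout(policy: dict) -> int:
    """Effective timeout for a policy: the configured value or the 350 s default."""
    return (
        policy.get("StatefulEngineOptions", {})
        .get("FlowTimeouts", {})
        .get("TcpIdleTimeoutSeconds", TCP_IDLE_DEFAULT)
    )


def choose_tcp_idle_timeout(app_idle_seconds: int, headroom: float = 1.2) -> int:
    """Pick a firewall timeout that outlasts the application's idle interval.

    Hypothetical rule: application idle time plus 20% headroom, clamped to the
    supported range, so the firewall does not drop flow state before the
    application itself closes or re-keys the connection.
    """
    wanted = math.ceil(app_idle_seconds * headroom)
    return max(TCP_IDLE_MIN, min(TCP_IDLE_MAX, wanted))


# Constructed sample: a minimal stateful policy shaped like the FirewallPolicy
# object returned by describe-firewall-policy (real policies also reference
# rule groups). No FlowTimeouts yet, so the 350 s default applies.
SAMPLE_POLICY = {
    "StatelessDefaultActions": ["aws:forward_to_sfe"],
    "StatelessFragmentDefaultActions": ["aws:forward_to_sfe"],
    "StatefulEngineOptions": {"RuleOrder": "STRICT_ORDER"},
}

if __name__ == "__main__":
    # Example: a database connection pool that idles for 30 minutes.
    timeout = choose_tcp_idle_timeout(app_idle_seconds=1800)
    new_policy = set_tcp_idle_timeout(SAMPLE_POLICY, timeout)
    print(json.dumps(new_policy, indent=2))

    # Applying it (requires credentials, not run here). The update token from
    # describe_firewall_policy guards against overwriting a concurrent change.
    # import boto3
    # nf = boto3.client("network-firewall")
    # current = nf.describe_firewall_policy(FirewallPolicyName="my-policy")
    # nf.update_firewall_policy(
    #     UpdateToken=current["UpdateToken"],
    #     FirewallPolicyName="my-policy",
    #     FirewallPolicy=set_tcp_idle_timeout(current["FirewallPolicy"], timeout),
    # )
```

Re-reading the policy after the update and checking `get_tcp_idle_timeout` against the intended value is a cheap way to confirm the change landed, since an update that is silently rejected leaves the 350 second default in force and long-lived flows will keep being cut.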

To learn more about configuring AWS Network Firewall, please refer to the service documentation.