AWS Network Firewall

Deploy advanced network firewall security across your VPCs

Why AWS Network Firewall?

AWS Network Firewall helps you protect your Amazon VPCs with automated, intelligence-driven network security. Create granular rules to control traffic, automatically block active threats using AWS managed rules powered by Amazon threat intelligence, and protect against emerging threats with managed rules from AWS Marketplace partners. Deploy AWS Network Firewall across your VPCs for consistent protection through features like geographic IP filtering, deep packet inspection, and advanced intrusion prevention capabilities. AWS Network Firewall scales automatically to help defend your workloads while reducing operational overhead.

Benefits

Automatically scale your AWS Network Firewall to protect your managed infrastructure

You can defend against active threats by using AWS managed rules powered by Amazon threat intelligence. Use geographic IP filtering to filter traffic based on the source or destination country. The automated domain lists capability helps you analyze logs so you can create custom rules based on actual network traffic patterns. Leverage managed rules from AWS Marketplace partners covering several security use cases like web filtering or blocking known bad IPs.

Use AWS Network Firewall to centrally manage firewall policies by deploying multiple firewall endpoints across accounts, and to perform centralized inspection within an account through simplified AWS Transit Gateway integration.

Use cases

Cloud perimeter security & access control

AWS Network Firewall enables enterprise-grade perimeter defense by filtering incoming traffic at VPC boundaries using integrated intrusion detection/prevention systems and geographic IP filtering. Deploy stateful inspection and inline TLS inspection for both ingress and egress traffic to decrypt, monitor, and protect encrypted network flows. Create custom security rules to block malicious traffic patterns and restrict access from unauthorized regions. Seamlessly integrate with AWS security services for comprehensive inbound and outbound traffic protection.

Network traffic protection & monitoring

AWS Network Firewall provides comprehensive VPC network protection through domain filtering, deep packet inspection, and geographic-based access controls for outbound traffic. Deploy advanced security features including protocol-based blocking and HTTP/HTTPS traffic inspection to secure your cloud workloads. You can also use AWS Network Firewall proxy to decrypt and inspect HTTPS traffic, prevent data exfiltration, and enforce enterprise-grade filtering rules.

Active threat detection & blocking

To detect and block active threats throughout the attack lifecycle with automated security response and continuous protection updates, use AWS Network Firewall with active threat defense, or safeguard your cloud environment against emerging security threats using managed rules from AWS Marketplace partners.

VPC-to-VPC traffic security & inspection

AWS Network Firewall secures East-West traffic through stateful inspection and advanced intrusion prevention, monitoring inter-VPC communications for threats using signature-based detection. Integration with AWS Transit Gateway enables you to implement consistent security policies across your VPCs and Availability Zones, helping you protect workloads and data throughout your AWS infrastructure with centralized management.

Learn how Rapid7 strengthens network security using Network Firewall
