Networking & Content Delivery

Category: AWS Network Firewall

Integrating AWS Client VPN with AWS Network Firewall

Organizations use remote access solutions for secure remote user access to resources hosted on their internal networks. This post shows various deployment models to integrate AWS Network Firewall with AWS Client VPN. AWS Client VPN is a managed client-based VPN service that secures access to your AWS resources, and resources in your on-premises network, over […]

IPv6 deployment models for AWS Network Firewall

AWS Network Firewall is a managed, stateful network firewall and intrusion protection service that allows you to implement firewall rules for fine-grained control over your network traffic. If you’re new to AWS Network Firewall, and want to understand its features and use cases, we recommend you review the blog post AWS Network Firewall – […]

Centralized outbound inspection architecture in AWS Cloud WAN

An update was made on October 15, 2024: With the release of Service Insertion for AWS Cloud WAN, customers can now create centralized inspection architectures without the need for static routes. Refer to the AWS Cloud WAN service documentation for service insertion for details. AWS Cloud WAN helps you build a unified network that connects […]

Centralizing Domain List Management for AWS Network Firewall and Route 53 Resolver DNS Firewall

Many of our customers take a “defense in depth” approach to secure workloads within their Amazon Virtual Private Clouds (Amazon VPC). Using domain list rules in AWS Network Firewall and Amazon Route 53 Resolver DNS Firewall lets you enforce network security controls at multiple layers based on domain names. Although both DNS Firewall and Network […]

How to analyze AWS Network Firewall logs using Amazon OpenSearch Service – Part 2

In part 1 of this blog-post series, we walked you through the steps to configure Amazon OpenSearch Service to receive logs from AWS Network Firewall using Amazon Kinesis Data Firehose. In this part 2, we cover the steps to generate test alerts, validate them, and configure dashboards in Amazon OpenSearch Service to visualize and analyze log data. […]

How to analyze AWS Network Firewall logs using Amazon OpenSearch Service – Part 1

This two-part blog series demonstrates how to build network analytics and visualizations using data available through AWS Network Firewall logs. Network Firewall supports Amazon Kinesis Data Firehose as one of the logging destinations, and these logs can be streamed to Amazon OpenSearch Service as a delivery destination. Network Firewall logs contain several data points, such as source […]

Analyzing stale security group rules using serverless architecture

Security is a top priority for AWS and customers running workloads in AWS. The previous post, Top 10 security items to improve in your AWS account, covered the top security items that AWS customers should pay special attention to if they want to improve their security posture. High on the list is the need to […]

Introducing Prefix Lists in AWS Network Firewall Stateful Rule Groups

Previously you needed to update individual AWS Network Firewall rules when scaling your network to add new IP addresses. The release of this new feature means that you can update the relevant prefix list, and all of the Network Firewall rule groups that reference the prefix list are automatically updated. Both customer-managed and AWS-managed prefix […]

Design your firewall deployment for Internet ingress traffic flows

Introduction Exposing Internet-facing applications requires careful consideration of what security controls are needed to protect against external threats and unwanted access. These security controls can vary depending on the type of application, size of the environment, operational constraints, or required inspection depth. For some scenarios, running Network Access Control Lists (NACL) and Security Groups (SG) […]

Deployment models for AWS Network Firewall with VPC routing enhancements

Introduction Amazon Virtual Private Cloud (VPC) is a logically isolated virtual network. It has inbuilt network security controls and implicit routing between VPC subnets by design. Network security controls such as security groups (SGs) and network access control lists (ACLs) provide you with options to control network traffic. However, these controls operate at the network and transport […]