
AWS Network Firewall - VPC Protection

AWS Network Firewall provides managed network protection for VPCs with stateful inspection and intrusion prevention.

Category: Security, Identity & Compliance
Pricing Model: Pay per firewall hour and data processed
Availability: All major regions
Data Sovereignty: EU regions available
Reliability: 99.9% availability SLA

What is AWS Network Firewall?

AWS Network Firewall is a fully managed network firewall service with granular control over VPC traffic. The service combines Stateful Packet Inspection, Intrusion Prevention System (IPS), Protocol Detection, and Domain Filtering.

Unlike Security Groups and NACLs, Network Firewall offers advanced functions at the VPC level, with deep packet inspection and Suricata-based threat detection.

Core Features

  • Stateful Inspection: Connection tracking for TCP/UDP/ICMP
  • Intrusion Prevention: Suricata-compatible IPS rules with daily updates
  • Domain Filtering: SNI and HTTP host header inspection
  • TLS Inspection: Decryption and inspection of HTTPS traffic
  • AWS Firewall Manager: Central policy management across accounts

Typical Use Cases

Central VPC Inspection: In hub-and-spoke architectures, Network Firewall filters all traffic between VPCs and to the internet. Central policies simplify compliance.

Malware Protection: AWS Managed Rules detect known malware families, C2 traffic, and exploit attempts. TLS inspection enables analysis of encrypted traffic.

Compliance Logging: All connections are logged and can be streamed to SIEM systems. Meets requirements of PCI DSS and other standards.

Benefits

  • Enterprise-grade firewall without infrastructure management
  • Automatic rule updates through AWS Managed Rules
  • Scales automatically up to 100 Gbps per endpoint
  • Integration with AWS Organizations for multi-account management

Integration with innFactory

As an AWS Reseller, innFactory supports you with AWS Network Firewall: We help with network architecture design, Suricata rule development, and migration from on-premises firewalls.

Available Tiers & Options

IPS with AWS Managed Rules

Strengths
  • Suricata-compatible IPS rules
  • Automatic updates by AWS
  • Open-Source Emerging Threats Rules
Considerations
  • Additional costs for Rule Groups

Typical Use Cases

VPC protection
Intrusion prevention
Traffic filtering
Network security

Technical Specifications

Deployment: Multi-AZ with automatic failover
Logging: CloudWatch, S3, Kinesis Data Firehose
Protocols: TCP, UDP, ICMP, HTTP, TLS, DNS
Rule capacity: 30,000 stateful rules per firewall
Rule formats: Suricata, 5-tuple, domain-based
Throughput: Up to 100 Gbps per endpoint

Frequently Asked Questions

What is AWS Network Firewall?

AWS Network Firewall is a managed firewall service with stateful inspection, intrusion prevention, and domain filtering for VPCs. It uses Suricata as its IPS engine and provides advanced filtering beyond Security Groups.

When should I use Network Firewall instead of Security Groups?

Use Network Firewall for IPS with Suricata rules, domain-based filtering, central policies across multiple VPCs, and compliance requirements with central logging. Security Groups remain for instance-level access control.

Which rule types are supported?

Stateless rules for fast 5-tuple filtering, stateful rules with connection tracking, Suricata-compatible IPS rules for deep packet inspection, and domain-based rules for HTTP/HTTPS filtering.
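As an added example (not from this page, AWS, or innFactory), a CloudFormation stateful rule group that combines the formats listed above in one place: Suricata rules for SNI- and HTTP-Host-based domain filtering, a 5-tuple-style stateful rule, and strict rule ordering. The VPC CIDR, resolver address, example.com allowlist, resource names and SIDs are assumed values.

```yaml
# Added example, not code from the page or from AWS/innFactory.
# Assumed: VPC CIDR 10.0.0.0/16, VPC resolver 10.0.0.2, allowlisted domain example.com.
Resources:
  EgressAllowlistRuleGroup:
    Type: AWS::NetworkFirewall::RuleGroup
    Properties:
      RuleGroupName: egress-domain-allowlist      # assumed name
      Type: STATEFUL
      Capacity: 100                               # stateful capacity = number of rules; leaves room to grow
      RuleGroup:
        RuleVariables:
          IPSets:
            HOME_NET:
              Definition:
                - 10.0.0.0/16                     # assumed VPC CIDR (overrides the default HOME_NET)
        StatefulRuleOptions:
          RuleOrder: STRICT_ORDER                 # evaluate rules top to bottom, exactly as written
        RulesSource:
          # Rule 1000001/1000002: domain filtering. tls.sni / http.host inspect the SNI and
          #   Host header; dotprefix + endswith match example.com and its subdomains only,
          #   so a host such as "notexample.com" does not match.
          # Rule 1000003: a plain 5-tuple stateful rule, DNS to the VPC resolver only.
          # Rule 1000004/1000005: drop every other TLS/HTTP flow. "established" keeps the
          #   TCP handshake out of the drop rules so the SNI/Host check can still run.
          #   Dropped flows appear in the alert log, which feeds the compliance logging above.
          RulesString: |
            pass tls $HOME_NET any -> any 443 (tls.sni; dotprefix; content:".example.com"; endswith; msg:"allow TLS to example.com"; flow:to_server; sid:1000001; rev:1;)
            pass http $HOME_NET any -> any 80 (http.host; dotprefix; content:".example.com"; endswith; msg:"allow HTTP to example.com"; flow:to_server; sid:1000002; rev:1;)
            pass udp $HOME_NET any -> 10.0.0.2 53 (msg:"allow DNS to VPC resolver"; sid:1000003; rev:1;)
            drop tls $HOME_NET any -> any 443 (msg:"drop TLS to non-allowlisted SNI"; flow:to_server,established; sid:1000004; rev:1;)
            drop http $HOME_NET any -> any 80 (msg:"drop HTTP to non-allowlisted host"; flow:to_server,established; sid:1000005; rev:1;)
```

The firewall policy that references this group must also set StatefulEngineOptions RuleOrder to STRICT_ORDER; a stateful default action of aws:drop_established lets handshake packets reach the SNI/Host check while dropping established flows that no pass rule matched.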

What do AWS Managed Rule Groups cost?

Threat Signatures IPS costs approximately 0.01 EUR per GB in addition to standard data processing. Rules are automatically updated daily.

AWS Cloud Expertise

innFactory is an AWS Reseller with certified cloud architects. We provide consulting, implementation, and managed services for AWS.

Comparable Products from Other Clouds

As a multi-cloud partner, we help you choose the right platform for your specific requirements.

Ready to start with AWS Network Firewall - VPC Protection?

Our certified AWS experts help you with architecture, integration, and optimization.
