AWS Security Academy · Lesson

What AWS Network Firewall Provides

Understand managed, VPC-wide intrusion filtering and inspection.

A VPC-Wide Firewall

AWS Network Firewall is a managed, stateful network firewall and intrusion prevention service for your VPC. Unlike security groups (per resource) or NACLs (per subnet), it provides deep, VPC-wide traffic inspection and filtering managed by AWS, scaling automatically with your traffic.

Beyond Layers 3 and 4

Security groups and NACLs filter on IP, port, and protocol only. Network Firewall adds deep packet inspection and can match on domain names, protocols, and attack signatures, giving you intrusion-prevention-style filtering inside the VPC that the simpler firewalls cannot provide.
