AWS Network Firewall limitations

0

There are hard limits for AWS Network Firewall, namely:

  • Maximum stateful rule group capacity per firewall policy: 30,000
  • Maximum number of stateful rule groups per firewall policy: 20

Let's say I want to use AWS Managed Rules and also create my own rules. This is not possible, because AWS is providing 20 rule groups. Each set of managed rule groups counts as a single rule group toward the maximum number of stateful rule groups per firewall policy. So there is no space left for my own rule groups. What is really interesting is that it is not possible to use all 20 AWS Managed rule groups either, because when I try to use them it will exceed the 30,000 capacity.

My question is, why are these limits so low?

asked 2 years ago, 306 views
1 answer
0

You are right that trying to manage all stateful managed rule groups will hit the 30,000 hard limit. You can think of rule groups as containers of rule groups, therefore you can group your rule groups by functionality (for example botnet, malware) and type (stateful/stateless) under separate policies, which will give you the flexibility:

  • not to hit the limits
  • manage your rule groups and policies easily
AWS
answered a year ago
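A capacity-planning check that follows the answer's advice, as an added example (not code from the re:Post thread or from AWS): it validates a set of stateful rule groups against the two hard limits quoted in the question and then partitions the groups by functionality, splitting further only where one function's groups would still exceed a limit. The rule-group records are constructed to mimic the shape of a NetworkFirewall `DescribeRuleGroup` response (`RuleGroupArn`, `Type`, `Capacity`); the ARNs and capacity values are invented, not real managed-rule-group figures, and the `function` tag is a hypothetical label you would maintain yourself, since the service does not return one.

```python
"""Capacity planning for AWS Network Firewall stateful rule groups.

Added example, not part of the original thread. In a real account you would
fill RULE_GROUPS from boto3 `network_firewall.describe_rule_group()` calls;
here the data is constructed inline so the script runs offline.
"""
from collections import defaultdict

# Hard limits quoted in the question.
MAX_STATEFUL_CAPACITY_PER_POLICY = 30_000
MAX_STATEFUL_GROUPS_PER_POLICY = 20

# Constructed sample data (invented ARNs and capacities). "function" is a
# hypothetical tag of your own; the DescribeRuleGroup response has no such key.
RULE_GROUPS = [
    {"RuleGroupArn": "arn:aws:network-firewall:eu-west-1:aws-managed:stateful-rulegroup/ExampleBotnetA",
     "Type": "STATEFUL", "Capacity": 9_000, "function": "botnet"},
    {"RuleGroupArn": "arn:aws:network-firewall:eu-west-1:aws-managed:stateful-rulegroup/ExampleBotnetB",
     "Type": "STATEFUL", "Capacity": 8_000, "function": "botnet"},
    {"RuleGroupArn": "arn:aws:network-firewall:eu-west-1:aws-managed:stateful-rulegroup/ExampleMalwareA",
     "Type": "STATEFUL", "Capacity": 12_000, "function": "malware"},
    {"RuleGroupArn": "arn:aws:network-firewall:eu-west-1:aws-managed:stateful-rulegroup/ExampleMalwareB",
     "Type": "STATEFUL", "Capacity": 11_000, "function": "malware"},
    {"RuleGroupArn": "arn:aws:network-firewall:eu-west-1:aws-managed:stateful-rulegroup/ExampleMalwareC",
     "Type": "STATEFUL", "Capacity": 9_000, "function": "malware"},
    {"RuleGroupArn": "arn:aws:network-firewall:eu-west-1:123456789012:stateful-rulegroup/my-custom-suricata",
     "Type": "STATEFUL", "Capacity": 2_000, "function": "custom"},
    {"RuleGroupArn": "arn:aws:network-firewall:eu-west-1:123456789012:stateful-rulegroup/my-domain-allowlist",
     "Type": "STATEFUL", "Capacity": 1_500, "function": "custom"},
    # Stateless groups have their own limits and are ignored by this check.
    {"RuleGroupArn": "arn:aws:network-firewall:eu-west-1:123456789012:stateless-rulegroup/my-stateless",
     "Type": "STATELESS", "Capacity": 100, "function": "custom"},
]


def check_policy(rule_groups):
    """Report how one policy's stateful rule groups sit against both hard limits."""
    stateful = [rg for rg in rule_groups if rg["Type"] == "STATEFUL"]
    total = sum(rg["Capacity"] for rg in stateful)
    problems = []
    if len(stateful) > MAX_STATEFUL_GROUPS_PER_POLICY:
        problems.append(f"{len(stateful)} stateful rule groups exceeds the limit of "
                        f"{MAX_STATEFUL_GROUPS_PER_POLICY}")
    if total > MAX_STATEFUL_CAPACITY_PER_POLICY:
        problems.append(f"total capacity {total} exceeds the limit of "
                        f"{MAX_STATEFUL_CAPACITY_PER_POLICY}")
    return {"groups": len(stateful), "capacity": total, "problems": problems}


def plan_policies(rule_groups):
    """Split stateful rule groups into per-function policies that respect both limits.

    Groups are first bucketed by their 'function' tag (botnet, malware, ...).
    Inside each bucket a first-fit pass, largest capacity first, opens a new
    policy whenever adding a group would breach the capacity or group-count limit.
    Returns {policy_name: [rule_group, ...]}.
    """
    by_function = defaultdict(list)
    for rg in rule_groups:
        if rg["Type"] == "STATEFUL":
            by_function[rg["function"]].append(rg)

    policies = {}
    for function, groups in sorted(by_function.items()):
        bins = []  # each bin becomes one firewall policy
        for rg in sorted(groups, key=lambda g: -g["Capacity"]):
            if rg["Capacity"] > MAX_STATEFUL_CAPACITY_PER_POLICY:
                raise ValueError(f"{rg['RuleGroupArn']} alone exceeds the policy capacity limit")
            for b in bins:
                if (len(b) < MAX_STATEFUL_GROUPS_PER_POLICY
                        and sum(g["Capacity"] for g in b) + rg["Capacity"]
                        <= MAX_STATEFUL_CAPACITY_PER_POLICY):
                    b.append(rg)
                    break
            else:
                bins.append([rg])
        for i, b in enumerate(bins, start=1):
            policies[f"{function}-policy-{i}"] = b
    return policies


if __name__ == "__main__":
    # Everything in one policy: the same situation the question describes.
    print("single policy:", check_policy(RULE_GROUPS))
    # Grouped by function: each resulting policy stays under both limits.
    for name, groups in plan_policies(RULE_GROUPS).items():
        report = check_policy(groups)
        print(f"{name}: {report['groups']} groups, capacity {report['capacity']}, "
              f"problems={report['problems']}")
```

Running it shows the single-policy layout breaking the 30,000 capacity limit, while the planned layout yields one policy each for botnet and custom and two for malware, every one of them within both limits. Each policy still has to be attached to its own firewall, so the split trades a single chokepoint for several smaller ones; the planner only tells you how many you need.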
