How to set transit gateway as Target for the default route “local” route for for inter-subnet (east-west) inspection through firewall deployed in separate networking account

0

Dear All,

We have different workload accounts and centralize networking account where we have deployed AWS network firewall for inter-subnet (east-west) traffic inspection. We would like to have the centralize firewall for east-west traffic for all accounts and each subnet within VPC should go to transit gateway and then to firewall (inspection of east-west) deployed in networking account.

Kindly guide how to route the default local route (like 10.0.0.0/16) to transit gateway. Is it supported?

I have tried to set the transit gateway eni (network interface) as a target for default route

3 Answers
0

Hi Tushar,

Thank you for responding. I have reviewed the articles, and they focus on east-west traffic inspection between VPCs. However, in our scenario, we intend to route different subnets of a single VPC through the firewall. The firewall is deployed in the network account and connected via a transit gateway.

answered 3 months ago
  • Thanks for the clarification. I updated my answer.

0

Hi,

So to route the traffic between different subnets of a single VPC, a AWS network firewall in each VPC needs to deploy?

We can not have a centralized AWS network firewall for traffic inspection of subnets in same VPC.

answered 3 months ago
  • That is correct.

0

You can not route traffic between different subnets of a single VPC via TGW and inspection VPC.

For your use-case you can use the VPC MSR (more specific routing) feature to steer the traffic via ANFW, see the below blog (see the pattern: "AWS Network Firewall is deployed to protect traffic between two different subnets in the same VPC.")

https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall-with-vpc-routing-enhancements/

profile pictureAWS
EXPERT
answered 3 months ago
profile picture
EXPERT
reviewed 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions