Hi Tushar,
Thank you for responding. I have reviewed the articles, and they focus on east-west traffic inspection between VPCs. However, in our scenario, we intend to route different subnets of a single VPC through the firewall. The firewall is deployed in the network account and connected via a transit gateway.
Hi,
So to route the traffic between different subnets of a single VPC, an AWS Network Firewall needs to be deployed in each VPC?
We cannot have a centralized AWS Network Firewall for traffic inspection of subnets in the same VPC.
That is correct.
You cannot route traffic between different subnets of a single VPC via TGW and an inspection VPC.
For your use case you can use the VPC MSR (more specific routing) feature to steer the traffic via ANFW; see the blog below (see the pattern: "AWS Network Firewall is deployed to protect traffic between two different subnets in the same VPC.")
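The more-specific-routing pattern the answer above refers to, as an added worked example that is not part of the original thread or of any AWS documentation: two workload subnets in one VPC each carry a /24 route for the other subnet pointing at the firewall endpoint, which wins over the VPC's /16 `local` route by longest-prefix match, while the firewall's own subnet keeps only the `local` route so inspected packets are delivered directly. The CIDRs, route-table names and the `vpce-…` endpoint ID are constructed for the example. The model applies the longest-prefix-match rule of VPC route tables, checks that every steering route can actually override `local` (inside the VPC CIDR and strictly more specific), flags the asymmetric case where only one subnet steers to the firewall so the reply bypasses inspection, and renders the plan as `aws ec2 create-route` calls.

```python
import ipaddress

# Constructed topology for the example (hypothetical IDs, not from the thread).
VPC_CIDR = "10.0.0.0/16"
SUBNET_A = "10.0.1.0/24"       # workload subnet A
SUBNET_B = "10.0.2.0/24"       # workload subnet B
FW_SUBNET = "10.0.100.0/28"    # dedicated subnet holding the ANFW endpoint
FW_ENDPOINT = "vpce-0123456789abcdef0"  # hypothetical firewall endpoint ID

# Assumed subnet -> route table associations.
SUBNET_RTB = {SUBNET_A: "rtb-a", SUBNET_B: "rtb-b", FW_SUBNET: "rtb-fw"}


def build_route_tables(symmetric=True):
    """Route tables for the MSR pattern. Each workload subnet steers traffic
    for the other subnet to the firewall endpoint with a /24 route that is
    more specific than the /16 local route. The firewall subnet keeps only
    the local route so inspected packets reach their destination directly.
    symmetric=False reproduces the misconfiguration where only subnet A steers."""
    tables = {
        "rtb-a": [(VPC_CIDR, "local"), (SUBNET_B, FW_ENDPOINT)],
        "rtb-b": [(VPC_CIDR, "local")],
        "rtb-fw": [(VPC_CIDR, "local")],
    }
    if symmetric:
        tables["rtb-b"].append((SUBNET_A, FW_ENDPOINT))
    return tables


def lookup(routes, dst_ip):
    """Longest-prefix match, the selection rule VPC route tables apply."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def containing_subnet(ip):
    addr = ipaddress.ip_address(ip)
    for cidr in SUBNET_RTB:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    raise ValueError(f"{ip} is not in any known subnet")


def trace(tables, src_ip, dst_ip):
    """Hops from src to dst as (route table, chosen target). A packet steered
    to the firewall endpoint leaves the firewall subnet via that subnet's table."""
    rtb = SUBNET_RTB[containing_subnet(src_ip)]
    target = lookup(tables[rtb], dst_ip)
    hops = [(rtb, target)]
    if target == FW_ENDPOINT:
        fw_rtb = SUBNET_RTB[FW_SUBNET]
        hops.append((fw_rtb, lookup(tables[fw_rtb], dst_ip)))
    return hops


def is_inspected_both_ways(tables, ip_a, ip_b):
    """True only if both directions traverse the firewall endpoint. With an
    asymmetric setup the reply bypasses the firewall and the stateful engine
    sees only one side of the flow."""
    fwd = any(t == FW_ENDPOINT for _, t in trace(tables, ip_a, ip_b))
    rev = any(t == FW_ENDPOINT for _, t in trace(tables, ip_b, ip_a))
    return fwd and rev


def validate_msr(tables, vpc_cidr=VPC_CIDR):
    """Every steering route must lie inside the VPC CIDR and be strictly more
    specific than it; otherwise it can never take precedence over local."""
    vpc = ipaddress.ip_network(vpc_cidr)
    errors = []
    for rtb, routes in tables.items():
        for cidr, target in routes:
            if target == "local":
                continue
            net = ipaddress.ip_network(cidr)
            if not net.subnet_of(vpc) or net.prefixlen <= vpc.prefixlen:
                errors.append(f"{rtb}: {cidr} -> {target} cannot override the local route")
    return errors


def cli_commands(tables):
    """Render the steering routes as aws ec2 create-route calls (the local
    route exists from VPC creation and is not created by command)."""
    return [
        f"aws ec2 create-route --route-table-id {rtb} "
        f"--destination-cidr-block {cidr} --vpc-endpoint-id {target}"
        for rtb, routes in tables.items()
        for cidr, target in routes
        if target != "local"
    ]


if __name__ == "__main__":
    plan = build_route_tables()
    assert not validate_msr(plan)
    print("A -> B:", trace(plan, "10.0.1.10", "10.0.2.20"))
    print("B -> A:", trace(plan, "10.0.2.20", "10.0.1.10"))
    print("\n".join(cli_commands(plan)))
```

Run `is_inspected_both_ways` on the real route tables (exported with `aws ec2 describe-route-tables`) before cutting over: a steering route present in one subnet's table but missing from the other is the typical way this pattern silently stops inspecting half of each flow.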
Thanks for the clarification. I updated my answer.