By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

VPC peering and Network Firewall

0

i am confuse AWS network firewall and peering section. As per AWS documents, it said **AWS Network Firewall cannot be deployed to inspect traffic between VPCs that are peered together; **

i did vpc peering VPC 1 (10.1.1.0/16)and VPC2 ( 10.2.1.0/16). VPC 1 have one private subnet ( 10.1.2.0/24) behind the firewall VPC 2 have one private subnet ( 10.2.2.0/24) behind the firewall I have the one private route table destination 10.2.2.0/24 next hop is firewall ID or interface in VPC 2. I add one route to go 10.2.2.0/24 next hop is peer ID in VPC one private route. I have the one private route table destination 10.1.2.0/24 next hop is firewall ID or interface in VPC 1. I add one route to go 10.1.2.0/24 next hop is peer ID in VPC 2.

let me know this traffic will pass firewall ? If AWS firewall is didn't support to inspect network traffic if we are using peering ? can we use third party firewall to inspect traffic?

Topics
Security, Identity, & Compliance
Tags
AWS Network FirewallNetwork Load BalancerNetwork Security
Language
English
crypto
asked 2 years ago1548 views
1 Answer
1

VPC-VPC (east-west) traffic inspection is support with Centralized VPC deployment model with AWS Network Firewall. You will need to leverage Transit Gateway for routing traffic between VPCs. VPC-Peering is not a supported deployment model.

You can the reference blog for details. https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall/

AWS
GaryKo_AWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content