VPC peering and Network Firewall
i am confuse AWS network firewall and peering section. As per AWS documents, it said **AWS Network Firewall cannot be deployed to inspect traffic between VPCs that are peered together; **
i did vpc peering VPC 1 (10.1.1.0/16)and VPC2 ( 10.2.1.0/16). VPC 1 have one private subnet ( 10.1.2.0/24) behind the firewall VPC 2 have one private subnet ( 10.2.2.0/24) behind the firewall I have the one private route table destination 10.2.2.0/24 next hop is firewall ID or interface in VPC 2. I add one route to go 10.2.2.0/24 next hop is peer ID in VPC one private route. I have the one private route table destination 10.1.2.0/24 next hop is firewall ID or interface in VPC 1. I add one route to go 10.1.2.0/24 next hop is peer ID in VPC 2.
let me know this traffic will pass firewall ? If AWS firewall is didn't support to inspect network traffic if we are using peering ? can we use third party firewall to inspect traffic?
VPC-VPC (east-west) traffic inspection is support with Centralized VPC deployment model with AWS Network Firewall. You will need to leverage Transit Gateway for routing traffic between VPCs. VPC-Peering is not a supported deployment model.
You can the reference blog for details. https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall/
Domain Allowlist AWS Network Firewallasked 3 months ago
Can AWS Network Firewall allow traffic from an instance using its tags or some other metadataAccepted Answerasked 5 months ago
AWS Network Firewall Managed Signaturesasked 2 months ago
AWS Network Firewall Domain list Portasked 2 months ago
VPC peering and Network Firewallasked 4 months ago
Routing network traffic between two EC2 instances in the same subnet to a firewall appliance in another VPCAccepted Answerasked 5 months ago
Network Firewall sometimes misses L7asked 4 months ago
Transit Gateway and AWS Network FirewallAccepted Answerasked a year ago