VPC peering and Network Firewall
I am confused about the AWS Network Firewall and peering section. As per the AWS documents, it says: **AWS Network Firewall cannot be deployed to inspect traffic between VPCs that are peered together.**
I did VPC peering between VPC 1 (10.1.1.0/16) and VPC 2 (10.2.1.0/16). VPC 1 has one private subnet (10.1.2.0/24) behind the firewall, and VPC 2 has one private subnet (10.2.2.0/24) behind the firewall. I have one private route table with destination 10.2.2.0/24 and next hop the firewall ID or interface in VPC 2. I added one route to 10.2.2.0/24 with next hop the peering ID in VPC 1's private route table. I have one private route table with destination 10.1.2.0/24 and next hop the firewall ID or interface in VPC 1. I added one route to 10.1.2.0/24 with next hop the peering ID in VPC 2's private route table.
Let me know whether this traffic will pass through the firewall. If AWS Network Firewall doesn't support inspecting network traffic when we are using peering, can we use a third-party firewall to inspect the traffic?
VPC-to-VPC (east-west) traffic inspection is supported with the centralized VPC deployment model for AWS Network Firewall. You will need to use Transit Gateway for routing traffic between VPCs. VPC peering is not a supported deployment model.
You can refer to this blog for details: https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall/
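To make the answer concrete, here is an added example (my own code, not from the question, the answer, or AWS) that walks the route tables of both designs hop by hop: the asker's peering layout, with a firewall endpoint in each VPC, and the centralized inspection VPC layout behind a Transit Gateway that the linked blog describes. Each route table is a list of (prefix, next hop) pairs and lookup is longest-prefix match, as in a VPC or TGW route table. Two behaviours are modelled as stated assumptions and should be checked against the AWS documentation: a peering connection hands a packet straight to the destination ENI in the peer VPC (a peering connection cannot have a route table associated with it), while a packet leaving a TGW lands in the attachment subnet and follows that subnet's route table. All node names, IDs and CIDRs are constructed for the example; AZs and Transit Gateway appliance mode are not modelled.

```python
from ipaddress import ip_address, ip_network

# Topologies are dicts of node name -> route table. A node is a subnet
# route table, a firewall endpoint, a peering connection or a TGW route
# table. Each route is (prefix, next hop); the next hop is another node
# name, or "deliver" when the packet is handed to the destination ENI and
# no further route lookup happens. Names and CIDRs are made up.


def lookup(routes, dst):
    """Longest-prefix match over one route table (VPC and TGW semantics)."""
    addr = ip_address(dst)
    best = None
    for prefix, target in routes:
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    if best is None:
        raise LookupError(f"no route for {dst}")
    return best[1]


def trace(topology, start, dst, max_hops=16):
    """Follow route tables from `start` until a hop delivers the packet.
    Returns the ordered list of nodes the packet passed through."""
    path, node = [start], start
    for _ in range(max_hops):
        target = lookup(topology[node], dst)
        if target == "deliver":
            return path
        node = target
        path.append(node)
    raise RuntimeError(f"routing loop: {path}")


def firewalls_on(path):
    """Firewall endpoints that saw this direction of the flow."""
    return [n for n in path if n.startswith("fw-endpoint")]


def flow_is_symmetric(topology, a_rt, a_ip, b_rt, b_ip):
    """True when the same firewall endpoint(s) see both directions of
    the flow between a_ip (in subnet a_rt) and b_ip (in subnet b_rt)."""
    fwd = firewalls_on(trace(topology, a_rt, b_ip))
    rev = firewalls_on(trace(topology, b_rt, a_ip))
    return bool(fwd) and fwd == rev


# The asker's layout: a firewall endpoint in each VPC, peering between them.
PEERING = {
    "vpc1-private-rt": [("10.1.0.0/16", "deliver"), ("10.2.2.0/24", "fw-endpoint-vpc1")],
    "fw-endpoint-vpc1": [("0.0.0.0/0", "vpc1-firewall-rt")],
    "vpc1-firewall-rt": [("10.1.0.0/16", "deliver"), ("10.2.2.0/24", "pcx-vpc1-vpc2")],
    "vpc2-private-rt": [("10.2.0.0/16", "deliver"), ("10.1.2.0/24", "fw-endpoint-vpc2")],
    "fw-endpoint-vpc2": [("0.0.0.0/0", "vpc2-firewall-rt")],
    "vpc2-firewall-rt": [("10.2.0.0/16", "deliver"), ("10.1.2.0/24", "pcx-vpc1-vpc2")],
    # Model assumption: a peering connection has no route table of its
    # own, so it hands the packet straight to the ENI in the peer VPC.
    "pcx-vpc1-vpc2": [("0.0.0.0/0", "deliver")],
}

# Centralized model: spokes send non-local traffic to the TGW, the TGW
# sends it to an inspection VPC (100.64.0.0/16 here) whose attachment
# subnet routes to the firewall endpoint, and the firewall subnet routes
# back to the TGW, which forwards to the spoke owning the destination.
CENTRALIZED = {
    "vpc1-private-rt": [("10.1.0.0/16", "deliver"), ("0.0.0.0/0", "tgw-spoke-rt")],
    "vpc2-private-rt": [("10.2.0.0/16", "deliver"), ("0.0.0.0/0", "tgw-spoke-rt")],
    # TGW route table associated with both spoke attachments.
    "tgw-spoke-rt": [("0.0.0.0/0", "inspection-tgw-subnet-rt")],
    "inspection-tgw-subnet-rt": [("100.64.0.0/16", "deliver"), ("0.0.0.0/0", "fw-endpoint-inspection")],
    "fw-endpoint-inspection": [("0.0.0.0/0", "inspection-firewall-rt")],
    "inspection-firewall-rt": [("100.64.0.0/16", "deliver"), ("0.0.0.0/0", "tgw-inspection-rt")],
    # TGW route table associated with the inspection VPC attachment; the
    # packet then arrives in the spoke and its local route delivers it.
    "tgw-inspection-rt": [("10.1.0.0/16", "vpc1-private-rt"), ("10.2.0.0/16", "vpc2-private-rt")],
}

if __name__ == "__main__":
    for name, topo in (("peering", PEERING), ("centralized", CENTRALIZED)):
        fwd = trace(topo, "vpc1-private-rt", "10.2.2.10")
        rev = trace(topo, "vpc2-private-rt", "10.1.2.10")
        print(f"{name}: forward via {firewalls_on(fwd)}, return via {firewalls_on(rev)},",
              "symmetric" if flow_is_symmetric(topo, "vpc1-private-rt", "10.1.2.10",
                                               "vpc2-private-rt", "10.2.2.10") else "asymmetric")
```

Under the peering layout each direction of the flow is inspected by a different firewall endpoint: the VPC 1 endpoint sees only the packets VPC 1 sends, and the packets coming back over the peering connection go straight to the instance, so neither stateful engine ever sees a complete session. Under the centralized layout both directions cross the same endpoint in the inspection VPC. In a real deployment with several AZs, enable appliance mode on the inspection VPC's Transit Gateway attachment so the return traffic is also kept on the same endpoint; this model ignores AZs.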