You can follow this blog to transition from network virtual appliances to Network Firewall.
The following deployment models are explained in this blog:
- Distributed AWS Network Firewall deployment model: AWS Network Firewall is deployed into each individual VPC.
- Centralized AWS Network Firewall deployment model: AWS Network Firewall is deployed into a centralized VPC for East-West (VPC-to-VPC) and/or North-South (internet egress and ingress, on-premises) traffic. We refer to this VPC as the inspection VPC throughout this blog post.
- Combined AWS Network Firewall deployment model: AWS Network Firewall is deployed into a centralized inspection VPC for East-West (VPC-to-VPC) and a subset of North-South (on-premises/egress) traffic. Internet ingress is distributed to the VPCs that require dedicated inbound access from the internet, and AWS Network Firewall is deployed accordingly.
You can refer to this blog for the routing configuration; however, this is a GLB use case.
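To make the first model concrete, here is an added CloudFormation template (not from the answer above or from the AWS blog it references) that stands up the pieces a distributed deployment puts into each workload VPC: a dedicated firewall subnet, a stateful rule group that only allows egress to an allowlisted set of domains, a firewall policy that sends all traffic to the stateful engine, and the firewall itself. The `VpcId`, `AvailabilityZone` and `FirewallSubnetCidr` parameters, the resource names, and the `.amazonaws.com` allowlist entry are assumptions chosen for the example; the route-table entries that steer workload subnets through the firewall endpoint are left out because the endpoint ID is only known after the firewall is created.

```yaml
# Added example: one workload VPC's share of a distributed AWS Network Firewall
# deployment. Values below are placeholders supplied at stack creation.
AWSTemplateFormatVersion: '2010-09-09'
Description: Distributed Network Firewall in a single VPC (added example)

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: Existing workload VPC that gets its own firewall
  AvailabilityZone:
    Type: AWS::EC2::AvailabilityZone::Name
    Description: AZ for the firewall subnet (add one subnet per AZ in practice)
  FirewallSubnetCidr:
    Type: String
    Default: 10.0.250.0/28   # assumed free /28 inside the VPC's CIDR
    Description: Small subnet reserved for the firewall endpoint only

Resources:
  # The firewall endpoint lives in its own subnet; nothing else is placed here.
  FirewallSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VpcId
      CidrBlock: !Ref FirewallSubnetCidr
      AvailabilityZone: !Ref AvailabilityZone
      Tags:
        - Key: Name
          Value: firewall-subnet

  # Stateful domain allowlist: only HTTP Host / TLS SNI values matching the
  # targets are permitted; other web egress for these protocols is dropped.
  EgressAllowlistRuleGroup:
    Type: AWS::NetworkFirewall::RuleGroup
    Properties:
      RuleGroupName: egress-domain-allowlist
      Type: STATEFUL
      Capacity: 100
      RuleGroup:
        RulesSource:
          RulesSourceList:
            GeneratedRulesType: ALLOWLIST
            TargetTypes:
              - HTTP_HOST
              - TLS_SNI
            Targets:
              - .amazonaws.com   # assumed allowlist entry; ".example" form matches subdomains

  # Policy: stateless engine forwards everything (including fragments) to the
  # stateful engine so the allowlist above is always evaluated.
  FirewallPolicy:
    Type: AWS::NetworkFirewall::FirewallPolicy
    Properties:
      FirewallPolicyName: distributed-egress-policy
      FirewallPolicy:
        StatelessDefaultActions:
          - aws:forward_to_sfe
        StatelessFragmentDefaultActions:
          - aws:forward_to_sfe
        StatefulRuleGroupReferences:
          - ResourceArn: !Ref EgressAllowlistRuleGroup

  # The firewall is attached to this VPC only; a second VPC would get its own
  # copy of this stack, which is what "distributed" means in the answer above.
  Firewall:
    Type: AWS::NetworkFirewall::Firewall
    Properties:
      FirewallName: workload-vpc-firewall
      FirewallPolicyArn: !Ref FirewallPolicy
      VpcId: !Ref VpcId
      SubnetMappings:
        - SubnetId: !Ref FirewallSubnet
      DeleteProtection: false
      FirewallPolicyChangeProtection: false
      SubnetChangeProtection: false

Outputs:
  FirewallEndpointIds:
    Description: AZ-to-endpoint mappings used when writing route tables
    Value: !Join [',', !GetAtt Firewall.EndpointIds]
```

Once the stack is created, the `FirewallEndpointIds` output lists one `az:vpce-...` pair per subnet mapping; those endpoint IDs are what the workload route tables (and the internet gateway's ingress route table, for return traffic) point at, and they differ per AZ, which is why the routing is done per AZ rather than in this template.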
Thanks, this blog seems useful.