By using AWS re:Post, you agree to the Terms of Use

Transit Gateway and AWS Network Firewall

0

Currently we are using the Virtual firewall with Transit Gateway, can you please share the steps and best practice to transition from Virtual Firewall to AWS Network Firewall. Now Virtual FW is deployed on the Inspection VPC which is attached with the transit gateway and which is not behaving as expected.

Edited by: SunnyKbmf on Jul 9, 2021 2:49 PM

asked a year ago120 views
2 Answers
0
Accepted Answer

You can follow this blog to transitioning from Network Virtual appliances to Network Firewall.

https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall/

Following deployment models are explained in this blog -

  1. Distributed AWS Network Firewall deployment model: AWS Network Firewall is deployed into each individual VPC.
  2. Centralized AWS Network Firewall deployment model: AWS Network Firewall is deployed into centralized VPC for East-West (VPC-to-VPC) and/or North-South (internet egress and ingress, on-premises) traffic. We refer to this VPC as inspection VPC throughout this blog post.
  3. Combined AWS Network Firewall deployment model: AWS Network Firewall is deployed into centralized inspection VPC for East-West (VPC-to-VPC) and subset of North-South (On Premises/Egress) traffic. Internet ingress is distributed to VPCs which require dedicated inbound access from the internet and AWS Network Firewall is deployed accordingly.

You can refer this blog for routing configuration however this is GLB use case.
https://aws.amazon.com/blogs/networking-and-content-delivery/centralized-inspection-architecture-with-aws-gateway-load-balancer-and-aws-transit-gateway/

answered a year ago
0

Thanks, this blog seems useful.

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions