AWS Network Firewall limitations


There are hard limits for AWS Network Firewall, namely:

  • Maximum stateful rule group capacity: 30,000
  • Maximum number of stateful rule groups per firewall policy: 20

Let's say I want to use AWS Managed Rules and also create my own rules. This is not possible, because AWS is providing 20 rule groups. Each set of managed rule groups counts as a single rule group toward the maximum number of stateful rule groups per firewall policy, so there is no space left for my own rule groups. What is really interesting is that it is not possible to use all 20 AWS Managed rule groups, because when I try to use them it will exceed the 30,000 capacity.

My question is, why these limits are so low?

asked 2 years ago, 298 views
1 Answer

You are right that trying to manage all stateful managed rule groups will hit the 30,000 hard limit. You can think of rule groups as containers of rule groups; therefore you can group your rule groups by functionality (for example botnet, malware) and type (stateful/stateless) under separate policies, which will give you the flexibility:

  • not to hit the limits
  • manage your rule groups and policies easily
AWS
answered a year ago
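The two limits named in the question (20 stateful rule groups per firewall policy, 30,000 stateful capacity units per policy) and the answer's suggestion to spread rule groups across several policies can both be checked before you touch the console. The following is an added example, not code from the original post or from AWS: it checks a candidate policy against both limits and packs rule groups into as few policies as the limits allow. The rule-group names and capacities in `SAMPLE_GROUPS` are constructed, not the real managed groups' figures; `fetch_managed_stateful_groups` is an optional, unexercised helper that assumes boto3's `list_rule_groups(Scope='MANAGED', ManagedType=...)` and `describe_rule_group_metadata` calls return the fields shown.

```python
"""Plan AWS Network Firewall stateful rule groups against the two per-policy
hard limits discussed on this page. Added example; limits are from the
question, sample rule groups below are constructed data."""
from dataclasses import dataclass
from typing import List

MAX_STATEFUL_RULE_GROUPS_PER_POLICY = 20
MAX_STATEFUL_CAPACITY_PER_POLICY = 30_000


@dataclass(frozen=True)
class RuleGroup:
    name: str
    capacity: int          # capacity units this group consumes in a policy
    managed: bool = False  # True for AWS managed threat-signature groups


def check_policy(groups: List[RuleGroup]) -> List[str]:
    """Return the limit violations for one candidate policy (empty == OK)."""
    problems = []
    if len(groups) > MAX_STATEFUL_RULE_GROUPS_PER_POLICY:
        problems.append(
            f"{len(groups)} stateful rule groups > {MAX_STATEFUL_RULE_GROUPS_PER_POLICY}")
    total = sum(g.capacity for g in groups)
    if total > MAX_STATEFUL_CAPACITY_PER_POLICY:
        problems.append(f"capacity {total} > {MAX_STATEFUL_CAPACITY_PER_POLICY}")
    return problems


def plan_policies(groups: List[RuleGroup]) -> List[List[RuleGroup]]:
    """Pack rule groups into as few policies as both limits allow.

    First-fit decreasing by capacity: largest groups first, each placed in the
    first policy where check_policy still passes, else a new policy is opened.
    """
    for g in groups:
        if g.capacity > MAX_STATEFUL_CAPACITY_PER_POLICY:
            raise ValueError(f"{g.name} alone exceeds the per-policy capacity limit")
    policies: List[List[RuleGroup]] = []
    for g in sorted(groups, key=lambda rg: rg.capacity, reverse=True):
        for policy in policies:
            if not check_policy(policy + [g]):
                policy.append(g)
                break
        else:
            policies.append([g])
    return policies


def fetch_managed_stateful_groups(region: str = "us-east-1") -> List[RuleGroup]:
    """Pull the real managed threat-signature groups with their capacities.

    ASSUMPTION: relies on boto3's network-firewall list_rule_groups with
    Scope='MANAGED' / ManagedType='AWS_MANAGED_THREAT_SIGNATURES' and on
    describe_rule_group_metadata returning 'Capacity'. Needs AWS credentials
    and is not exercised by the offline sample run below.
    """
    import boto3  # imported lazily so the offline part runs without it
    nfw = boto3.client("network-firewall", region_name=region)
    groups, token = [], None
    while True:
        kwargs = {"Scope": "MANAGED", "ManagedType": "AWS_MANAGED_THREAT_SIGNATURES"}
        if token:
            kwargs["NextToken"] = token
        page = nfw.list_rule_groups(**kwargs)
        for rg in page.get("RuleGroups", []):
            meta = nfw.describe_rule_group_metadata(RuleGroupArn=rg["Arn"], Type="STATEFUL")
            groups.append(RuleGroup(rg["Name"], meta["Capacity"], managed=True))
        token = page.get("NextToken")
        if not token:
            return groups


# Constructed sample: seven "managed" groups of 5,000 units plus one custom
# group. Together they exceed 30,000 units, exactly the failure in the question.
SAMPLE_GROUPS = [RuleGroup(f"managed-sig-{i}", 5_000, managed=True) for i in range(7)]
SAMPLE_GROUPS.append(RuleGroup("custom-egress-allowlist", 1_000))

if __name__ == "__main__":
    print("single policy:", check_policy(SAMPLE_GROUPS) or "OK")
    for n, policy in enumerate(plan_policies(SAMPLE_GROUPS), 1):
        used = sum(g.capacity for g in policy)
        print(f"policy {n}: {len(policy)} groups, {used} capacity units:",
              ", ".join(g.name for g in policy))
```

Running it shows the question's situation in one line (the eight groups as one policy fail on capacity, not on count) and the answer's workaround in the next two: six 5,000-unit groups fill one policy exactly and the remaining managed group plus the custom group land in a second. The packing is a heuristic; swap `SAMPLE_GROUPS` for the output of `fetch_managed_stateful_groups` to plan against the real figures for your account.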
