AWS Network Firewall and VPN Gateway

Question

I want to be able to use FQDN filtering on outbound traffic over the VPN. I can't get it to work. 
It looks like AWS Network Firewall doesn't support VPN Gateways. Is this correct and is there some way around it? A transit  gateway perhaps?

Answer

North-South: Centralized on-premises egress & ingress via Transit Gateway and Transit VIF/Direct Connect gateway/AWS Site-to-Site VPN

![Enter image description here](/media/postImages/original/IMKWuOpLuvTHGcjR-i77Qb5w)

Please refer this [blog](https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall/)

Answer

You're correct; the workaround today is to use a Transit Gateway; attach the VPN to the Transit Gateway; and then inspect using Network Firewall either within the source VPC or by using route tables on the Transit Gateway to send traffic to an inspection VPC.

AWS Network Firewall and VPN Gateway

相关内容