VPC peering and Network Firewall

Question

i am confuse AWS network firewall and peering section.
As per AWS documents, it said 
**AWS Network Firewall cannot be deployed to inspect traffic between VPCs that are peered together; **

i did vpc peering VPC 1 (10.1.1.0/16)and VPC2 ( 10.2.1.0/16).
VPC 1 have one private subnet ( 10.1.2.0/24) behind the firewall 
VPC 2 have one private subnet ( 10.2.2.0/24) behind the firewall 
I have the one private route table destination 10.2.2.0/24 next hop is firewall ID or interface in VPC 2.
I add one route to go 10.2.2.0/24 next hop is peer ID in VPC one private route.
I have the one private route table destination 10.1.2.0/24 next hop is firewall ID or interface in VPC 1.
I add one route to go 10.1.2.0/24 next hop is peer ID in VPC 2.

let me know this traffic will pass firewall ? If AWS firewall is didn't support to inspect network traffic if we are using peering ?
 can we use third party firewall to inspect traffic?

Answer

VPC-VPC (east-west) traffic inspection is support with Centralized VPC deployment model with AWS Network Firewall. You will need to leverage Transit Gateway for routing traffic between VPCs. VPC-Peering is not a supported deployment model.

You can the reference blog for details.
https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall/

VPC peering and Network Firewall

相关内容