Protect your entire VPC
- From Layer 3 to 7
- Any direction, you can inspect
- VPC to VPC
- Ingress, egress
- Direct Connect, S2S VPN
- Internally, Network firewall uses the AWS Gateway Load Balancer
- Can be managed via Firewall Manager
AWS Network Firewall provides some advantages over NACLs alone. NACLs provide only stateless packet filtering, whereas AWS Network Firewall provides web filtering, intrusion detection and prevention, stateless and stateful packet filtering, and centralized visibility of all your traffic.