Network Firewall

Definition

A managed service that inspects and filters network traffic entering, leaving and (when deployed between subnets) moving within your VPC, blocking known threats and enforcing a centralized security policy at the network perimeter rather than on each individual workload.

Use Cases

Provider Equivalents

Frequently Asked Questions

What's the difference between a Network Firewall and a security group?
A security group is a per-instance (or per-network-interface) allow-list of protocols, ports and peer addresses. In the major clouds it is stateful, but it only sees layer 3/4 headers: it cannot match domain names, inspect payloads or apply threat signatures, and it is configured workload by workload. A Network Firewall is a centralized, managed firewall that sits in the traffic path for whole subnets or VPCs; it applies stateful and stateless rules, domain and IP reputation lists and intrusion-detection signatures, enforces outbound (egress) policy, and produces detailed flow and alert logs for everything it inspects.
When should I use a Network Firewall?
Use a Network Firewall when you need centralized traffic inspection and policy enforcement across multiple subnets or networks, especially for: (1) strict egress control to prevent data exfiltration, (2) inspecting east-west traffic between application tiers or VPCs, (3) blocking known malicious IPs/domains, (4) meeting compliance requirements that call for centralized firewalling and audit logs, or (5) replacing self-managed firewall appliances to reduce operational work.
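The following Python model is an added illustration, not any cloud provider's code. It contrasts a toy security group (port/protocol/CIDR allow-list per instance) with a toy network firewall (VPC-wide policy with a malicious-IP deny list, an egress domain allow-list and subnet-to-subnet east-west rules) by running both over the same constructed flow records. All addresses are from the RFC 5737 documentation ranges and the hostnames, subnet layout, rule sets and flow names are assumptions made for the example. Real security groups are stateful; to stay short the model judges only the first packet of each flow and does not model return traffic.

```python
"""Toy policy engines contrasting a security group with a network firewall.

Added illustration, not any cloud provider's implementation. Addresses come from
the RFC 5737 documentation ranges; hostnames and rule sets are made up. Only the
first packet of each flow is judged, so stateful return traffic is not modelled.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str                  # "tcp" or "udp"
    sni: Optional[str] = None   # hostname from TLS SNI or HTTP Host, if the flow carries one


class SecurityGroup:
    """Per-instance allow-list of (proto, port, peer CIDR). Sees nothing above layer 4."""

    def __init__(self, instance_ip, inbound, outbound):
        self.ip = instance_ip
        self.inbound = [(p, port, ip_network(c)) for p, port, c in inbound]
        self.outbound = [(p, port, ip_network(c)) for p, port, c in outbound]

    def allows(self, f: Flow) -> bool:
        if f.dst == self.ip:
            peer, rules = ip_address(f.src), self.inbound
        elif f.src == self.ip:
            peer, rules = ip_address(f.dst), self.outbound
        else:
            return False  # not this instance's traffic
        return any(p == f.proto and port == f.dport and peer in net for p, port, net in rules)


class NetworkFirewall:
    """VPC-wide policy: threat deny list, egress domain allow-list, explicit
    subnet-to-subnet rules for ingress and east-west, default deny, and a decision log."""

    def __init__(self, vpc_cidr, blocked_ips, egress_domains, rules):
        self.vpc = ip_network(vpc_cidr)
        self.blocked = [ip_network(c) for c in blocked_ips]
        self.egress_domains = [d.lower().strip(".") for d in egress_domains]
        self.rules = [(ip_network(s), ip_network(d), p, port) for s, d, p, port in rules]
        self.log = []

    def _domain_allowed(self, host: Optional[str]) -> bool:
        if not host:
            return False  # no hostname visible: cannot prove it is an approved destination
        h = host.lower().rstrip(".")
        return any(h == d or h.endswith("." + d) for d in self.egress_domains)

    def _decide(self, f: Flow):
        src, dst = ip_address(f.src), ip_address(f.dst)
        # 1. Threat list: known-bad peers are dropped before any other rule is consulted.
        if any(src in n or dst in n for n in self.blocked):
            return "drop", "blocked-ip"
        # 2. Egress (VPC -> outside): only HTTP/TLS to allow-listed domains leaves the VPC.
        if src in self.vpc and dst not in self.vpc:
            if f.proto == "tcp" and f.dport in (80, 443) and self._domain_allowed(f.sni):
                return "allow", "egress-domain"
            return "drop", "egress-default-deny"
        # 3. Ingress and east-west: explicit subnet-to-subnet rules, otherwise default deny.
        for s, d, p, port in self.rules:
            if src in s and dst in d and p == f.proto and port == f.dport:
                return "allow", "rule"
        return "drop", "default-deny"

    def evaluate(self, f: Flow) -> str:
        verdict, reason = self._decide(f)
        self.log.append(f"{verdict} {f.proto} {f.src}:{f.sport}->{f.dst}:{f.dport} "
                        f"sni={f.sni or '-'} reason={reason}")
        return verdict


# Constructed environment: app tier 10.0.1.0/24, data tier 10.0.2.0/24 inside 10.0.0.0/16.
APP, DB = "10.0.1.20", "10.0.2.5"
APP_SG = SecurityGroup(APP, inbound=[("tcp", 443, "0.0.0.0/0")],
                       outbound=[("tcp", 443, "0.0.0.0/0")])
DB_SG = SecurityGroup(DB, inbound=[("tcp", 5432, "10.0.0.0/16")], outbound=[])  # too broad
FIREWALL = NetworkFirewall(
    vpc_cidr="10.0.0.0/16",
    blocked_ips=["198.51.100.200/32"],                   # constructed "known malicious" entry
    egress_domains=["example.com"],                      # the only destination allowed out
    rules=[("0.0.0.0/0", "10.0.1.0/24", "tcp", 443),     # internet -> app tier
           ("10.0.1.0/24", "10.0.2.0/24", "tcp", 5432)])  # app tier -> data tier only

FLOWS = {  # constructed flow records
    "web_in":        Flow("198.51.100.23", 51000, APP, 443, "tcp"),
    "api_out":       Flow(APP, 40001, "203.0.113.10", 443, "tcp", sni="api.example.com"),
    "exfil_out":     Flow(APP, 40002, "203.0.113.77", 443, "tcp", sni="drop.exfil.invalid"),
    "bad_ip_out":    Flow(APP, 40003, "198.51.100.200", 443, "tcp", sni="api.example.com"),
    "db_from_app":   Flow(APP, 40004, DB, 5432, "tcp"),
    "db_from_other": Flow("10.0.3.9", 40005, DB, 5432, "tcp"),  # third subnet, no rule for it
}


def run_demo():
    """Return {flow name: (security group verdict, firewall verdict)} for every flow."""
    results = {}
    for name, f in FLOWS.items():
        sg = DB_SG if f.dst == DB else APP_SG
        results[name] = ("allow" if sg.allows(f) else "drop", FIREWALL.evaluate(f))
    return results


if __name__ == "__main__":
    for name, (sg, fw) in run_demo().items():
        print(f"{name:14} security-group={sg:5} firewall={fw}")
    print("\n".join(FIREWALL.log))
```

The three flows the security group waves through but the firewall drops are exactly the use cases above: TLS to an unapproved domain on an open port 443 (exfiltration), a connection to a deny-listed address, and a database connection from a subnet that has no business reaching the data tier (east-west). The firewall's log line carries the reason, which is what an audit or incident investigation needs and what a security group does not produce.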
How much does a Network Firewall cost?
Pricing is typically based on (1) hourly charges for firewall endpoints/instances, (2) the amount of data processed (GB), and sometimes (3) optional features like advanced threat inspection or logging. Costs increase with higher throughput, more availability zones/endpoints, and more traffic inspected. For accurate estimates, use the provider’s pricing page and calculator and model your expected GB processed and number of deployed endpoints.

Category: security

Difficulty: intermediate

Related Terms

See Also