Debug School
Network firewall

A firewall is a network security device, either hardware- or software-based, that monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that traffic.
-> Accept: allow the traffic
-> Reject: block the traffic but reply to the sender with an “unreachable” message
-> Drop: block the traffic silently, with no reply

A firewall establishes a barrier between a secured internal network and an outside, untrusted network such as the Internet.

AWS Network Firewall:

It is a managed service that helps deploy network protections for Amazon VPCs. It provides fine-grained network traffic control that lets you restrict outbound requests so that malicious activity cannot spread. You can import previously created rules in common open-source rule formats and enable integrations with managed intelligence feeds from AWS partners. With AWS Firewall Manager, you can create policies based on AWS Network Firewall rules and then apply those policies centrally across your VPCs and accounts.
-> Automatically scales firewall capacity up or down based on the traffic load.
-> Supports inbound and outbound web filtering for unencrypted web traffic. Its intrusion prevention system matches network traffic patterns against known threat signatures.
-> Centrally deploy and manage security policies across AWS Organizations apps, VPCs, and accounts.
-> AWS Network Firewall has a highly flexible rules engine.
-> AWS Network Firewall supports thousands of rules, and the rules can be based on domain, port, protocol, IP addresses, and pattern matching.

1) Firewall: the traffic-filtering logic for VPC subnets. The firewall configuration provides the parameters for the Availability Zones and subnets in which the firewall endpoints are located. A subnet designated for a firewall endpoint is called a firewall subnet.
2) Rule groups: a set of rules to match against VPC traffic, together with the actions to take when a match is found. You can create a custom rule group or use one that is managed by AWS. Rule groups are either stateless or stateful: a stateless rule examines a single network packet without taking into account the context of other packets, while a stateful rule inspects packets in the context of their traffic flow.
3) Monitoring: You can use the following monitoring tools with Network Firewall:
- Amazon CloudWatch
- Amazon CloudWatch Logs
- AWS CloudTrail
- AWS Config

Firewall logging is only available for traffic that you route to the stateful rules engine. Traffic is forwarded to the stateful engine by stateless rule actions and default actions.
-> Using the stateful engine, you can record flow logs and alert logs.
- Flow logs – standard network traffic flow logs.
- Alert logs – report traffic that matches your stateful rules.
Logs contain the following information:
- firewall-name
- availability-zone
- event-timestamp
- event

You can configure the destinations of your logs to various AWS services:
- Amazon S3
- CloudWatch Logs
- Kinesis Data Firehose
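
As an added example (not code from the original post or from AWS), a small Python processor for alert-log records as they are delivered to S3 or CloudWatch Logs: it parses newline-delimited JSON, accepts the top-level field names listed above in either hyphen or underscore spelling, skips flow records, and lists alerts whose action was "allowed", meaning the traffic matched an alert-only stateful rule and was passed through rather than dropped. The sample records, firewall name and signature names are constructed; the nested `event`/`alert` layout and the `allowed`/`blocked` action values are assumptions about the log format.

```python
import json
from collections import Counter

# Constructed sample of newline-delimited alert-log records (not real AWS output). Top-level
# keys follow the page's list; hyphen or underscore spelling is accepted. Last record is a flow.
SAMPLE_ALERT_LOG = """\
{"firewall_name":"vpc-egress-fw","availability_zone":"us-east-1a","event_timestamp":"1700000000","event":{"event_type":"alert","src_ip":"10.0.1.25","src_port":51234,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature":"suspicious host header","severity":2}}}
{"firewall_name":"vpc-egress-fw","availability_zone":"us-east-1a","event_timestamp":"1700000005","event":{"event_type":"alert","src_ip":"10.0.1.25","src_port":51240,"dest_ip":"203.0.113.9","dest_port":443,"proto":"TCP","alert":{"action":"blocked","signature":"denied domain","severity":1}}}
{"firewall-name":"vpc-egress-fw","availability-zone":"us-east-1b","event-timestamp":"1700000010","event":{"event_type":"alert","src_ip":"10.0.2.40","src_port":40001,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature":"suspicious host header","severity":2}}}
{"firewall_name":"vpc-egress-fw","availability_zone":"us-east-1a","event_timestamp":"1700000020","event":{"event_type":"netflow","src_ip":"10.0.1.25","src_port":51250,"dest_ip":"203.0.113.9","dest_port":443,"proto":"TCP"}}
"""

def parse_records(text):
    """Parse newline-delimited JSON, skipping blank/malformed lines; normalise top-level keys."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            raw = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated delivery line should not abort the whole batch
        records.append({k.replace("-", "_"): v for k, v in raw.items()})
    return records

def summarize_alerts(records):
    """Count alerts by signature/action and by source IP, and list 'allowed' alerts:
    traffic that matched an alert-only stateful rule and passed through undropped."""
    by_sig_action, by_src, allowed = Counter(), Counter(), []
    for rec in records:
        ev = rec.get("event", {})
        if ev.get("event_type") != "alert":
            continue  # flow records carry no alert object
        alert = ev.get("alert", {})
        key = f"{alert.get('signature', '?')} [{alert.get('action', '?')}]"
        by_sig_action[key] += 1
        by_src[ev.get("src_ip", "?")] += 1
        if alert.get("action") == "allowed":
            allowed.append((rec.get("firewall_name"), ev.get("src_ip"),
                            ev.get("dest_ip"), ev.get("dest_port"), alert.get("signature")))
    return {"by_signature_action": dict(by_sig_action),
            "by_src_ip": dict(by_src), "allowed_alerts": allowed}

if __name__ == "__main__":
    print(json.dumps(summarize_alerts(parse_records(SAMPLE_ALERT_LOG)), indent=2))
```

Because only traffic forwarded to the stateful engine is logged, an absence of alerts for a flow may simply mean a stateless rule passed it without inspection.
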
You are charged at an hourly rate for each firewall endpoint, plus a per-gigabyte charge for the amount of traffic processed by the firewall endpoint. Data transferred across AWS Network Firewall incurs standard AWS data transfer fees.
