Network Firewall V2

Stateful L7 inspection firewall.

Managed network firewall with deep packet inspection, TLS decryption, IDS/IPS, and domain filtering. Protect entire VPCs with centralized policies.

Create firewall View docs
FIREWALLL7 DPI

L3-L7

Inspection

Decrypt & inspect

TLS

Built-in

IDS/IPS

100 Gbps

Throughput

Inspect everything.

L7 stateful firewall with TLS decryption and IDS/IPS.

L7 deep inspection

Stateful inspection at layers 3 through 7. Protocol-aware analysis.

TLS decryption

Decrypt TLS 1.3 traffic for inspection. No blind spots.

IDS/IPS

Intrusion detection and prevention with Suricata-compatible rules.

100 Gbps throughput

Auto-scaling to 100 Gbps. No performance bottleneck.

Domain filtering

Allow/deny by domain name, including wildcard domains.

Alert management

Real-time alerts with severity classification and automated responses.

Getting started

Launch your first instance in three steps. CLI, console, or API — your choice.

Terminal
ur network firewall create perimeter \
  --vpc=my-vpc --type=stateful

Firewall patterns.

Perimeter security and compliance filtering.

Network perimeter security

Deep packet inspection for all VPC ingress/egress traffic.

View tutorial

Suggested configuration

L7 · TLS decrypt · IDS/IPS

Estimate your costs

Create detailed configurations to see exactly how much your architecture will cost. Pay for what you use, down to the second.

Configuration 1

Estimated: $207.50/mo

Firewall

Traffic & Bandwidth

GB

Add-ons

Advanced Logging & AnalyticsDetailed flow logs (+$0.01/GB)
Cross-region HAActive-active failover
Config 1 cost$207.50

Cost details

$207.50

Managed firewall with FQDN filtering and IDS/IPS.

Configuration 1
$207.50
Data Processing$7.50
2 Endpoint(s)$200.00
Share

Works seamlessly with

VPC
Transit Gateway
WAF
IAM
SIEM
Monitoring

Frequently asked questions

Inspect everything.

L7 stateful firewall with TLS decryption and IDS/IPS.

Create firewall View docs