Architecture with an internet gateway and a NAT gateway - AWS Network Firewall

You can add a network address translation (NAT) gateway to your AWS Network Firewall architecture for the areas of your VPC where you need NAT capabilities. AWS provides NAT gateways decoupled from your other cloud services, so you can use them in your architecture only where you need them. This can help you reduce load and load costs. For information about NAT gateways, see NAT gateways in the Amazon Virtual Private Cloud User Guide.

Note

To use a NAT gateway with Network Firewall in your VPC, you must place it between the firewall subnet and the customer subnets within the VPC. Amazon VPC doesn't support more specific routing.

The following figure depicts a VPC configuration for Network Firewall with an internet gateway and a NAT gateway.
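The placement rule in the note above can be checked mechanically. The following is an added example, not AWS code: it follows each customer subnet's default route hop by hop and reports any egress path that is not NAT gateway, then firewall endpoint, then internet gateway. The dictionary model, the function names, and all subnet and gateway IDs are constructed assumptions; firewall endpoints are taken to appear as `vpce-` route targets.

```python
# Added example: hypothetical helper names, constructed sample IDs and routes.
def egress_path(subnet, default_route, hosted_in, max_hops=8):
    """Follow each subnet's 0.0.0.0/0 target until an internet gateway."""
    path, current = [], subnet
    for _ in range(max_hops):
        target = default_route.get(current)
        if target is None:
            return path                      # no default route: path ends here
        path.append(target)
        if target.startswith("igw-"):
            return path                      # reached the internet gateway
        current = hosted_in.get(target)      # continue from the hop's own subnet
    raise ValueError(f"routing loop starting at {subnet}")

def check_nat_placement(customer_subnets, default_route, hosted_in):
    """Return {subnet: problem} for each customer subnet whose egress path
    is not NAT gateway -> firewall endpoint -> internet gateway."""
    findings = {}
    for subnet in customer_subnets:
        hops = egress_path(subnet, default_route, hosted_in)
        kinds = [t.split("-", 1)[0] for t in hops]   # nat / vpce / igw
        if kinds == ["nat", "vpce", "igw"]:
            continue
        if "vpce" not in kinds:
            findings[subnet] = "egress bypasses the firewall endpoint"
        elif "nat" not in kinds:
            findings[subnet] = "no NAT gateway on the egress path"
        elif kinds.index("nat") > kinds.index("vpce"):
            findings[subnet] = "NAT gateway is on the internet side of the firewall"
        else:
            findings[subnet] = "unexpected path: " + " -> ".join(kinds)
    return findings

# Constructed sample VPC: subnet -> target of its 0.0.0.0/0 route.
DEFAULT_ROUTE = {
    "subnet-customer-a": "nat-0example",   # correct chain
    "subnet-nat": "vpce-0example",
    "subnet-firewall": "igw-0example",
    "subnet-customer-b": "igw-0example",   # goes straight to the internet gateway
    "subnet-customer-c": "vpce-0wrong",    # firewall first, NAT behind it
    "subnet-firewall-2": "nat-0wrong",
    "subnet-nat-2": "igw-0example",
}
# Constructed: which subnet each NAT gateway or firewall endpoint lives in.
HOSTED_IN = {
    "nat-0example": "subnet-nat",
    "vpce-0example": "subnet-firewall",
    "vpce-0wrong": "subnet-firewall-2",
    "nat-0wrong": "subnet-nat-2",
}
```

In practice the two dictionaries would be built from your VPC's route tables and the subnet of each NAT gateway and firewall endpoint.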