Firewall settings - AWS Network Firewall

Firewall settings

A firewall has the following top-level settings.

  • Name – The identifier for the firewall. You assign a unique name to every firewall. You can't change the name of a firewall after you create it.

  • Description – Optional additional information about the firewall. Fill in any information that might help you remember the purpose of the firewall and how you want to use it. The description is included in firewall lists in the console and through the APIs.

  • VPC – The VPC that's associated with the firewall. This is the VPC that the firewall provides protection for.

  • Subnets – The subnets to use for your firewall endpoints. You can specify up to one subnet for each Availability Zone that your VPC spans. See Configuring your VPC and other components for AWS Network Firewall.

  • Firewall policy – The firewall policy that's associated with the firewall. The firewall policy provides the monitoring and protection behavior for the firewall. You can use the same firewall policy for more than one firewall. For more information about firewall policies, see Firewall policies in AWS Network Firewall.

  • Logging – The type and location of the logs that Network Firewall provides for the firewall's stateful rules engine. You can enable flow logging for the network traffic that passes through the stateful rules engine. You can also enable alert logging for traffic that matches the stateful rules that have an action setting of Alert or Drop. For more information, see Logging network traffic from AWS Network Firewall, and Stateful actions.

  • Tags – Zero or more key-value tag pairs. A tag is a label that you assign to an AWS resource. You can use tags to search and filter your resources and to track your AWS costs. For more information, see Tagging AWS Network Firewall resources.

  • Delete protection – A Boolean setting that is enabled when you create a firewall, and protects against accidental deletion of the firewall. The setting isn't shown in the console because the firewall deletion process disables this protection. Through the API, you must explicitly disable delete protection before you can delete the firewall.