AWS Network Firewall enhances application layer traffic controls

AWS Network Firewall Enhancements
AWS Network Firewall now provides enhanced default rules to handle TLS client hellos and HTTP requests that are split across multiple packets. The update introduces two new default stateful actions, application layer drop established and application layer alert established, which let customers maintain security controls while supporting modern TLS implementations and large HTTP requests.
These enhancements help customers implement robust security policies without writing complex custom rules. Security teams can now inspect and filter traffic in which key information is segmented across multiple packets, while maintaining visibility through detailed logging options. This makes it easier to secure applications that use modern protocols and encryption standards.
This capability is available in all AWS Regions where AWS Network Firewall is supported.
What to do
- Review the new default rules and stateful actions in the AWS Network Firewall service documentation.
- Update your security policies to use the new capabilities.
- Monitor detailed logging options to maintain visibility and control over your network traffic.
Source: AWS release notes