AWS Network Firewall
Introduction
AWS Network Firewall is a stateful, managed network firewall and intrusion detection and prevention service for the virtual private clouds (VPCs) that you create in Amazon Virtual Private Cloud (Amazon VPC).
Getting Started
Compatibility
vuSmartMaps supports monitoring both Stateful and Stateless firewall engines in your AWS Network Firewall.
Data Collection Method
vuSmartMaps collects health and performance data for AWS Network Firewall using VuNet's Internal Data Collector.
Prerequisites
Dependent Configuration
To configure this O11ySource, create a 'credential' of type 'aws' under the 'Definition' tab.
Inputs for Configuring Data Source
- Data Source Name: Data source name to uniquely identify the source.
- Region: AWS Region where the instance of this component is running. For example, for Asia Pacific (Mumbai) the region is ap-south-1.
- AWS Credential: AWS credential that provides the Access key and Secret key used to access CloudWatch.
- Polling Frequency: Specifies the interval in seconds at which data is collected. Data collection occurs once every specified period.
Firewall Requirement
To collect data from this O11ySource, ensure the following ports are open:
| Source IP | Destination IP | Destination Port | Protocol | Direction |
|---|---|---|---|---|
| IP address(es) of the vuSmartmaps Server | AWS CloudWatch Endpoint | 443 | TCP | Outbound |
*Before providing the firewall requirements, update the port to match the customer environment.
Configuring the Target
Health and performance metrics of AWS Network Firewall are collected through the AWS CloudWatch service, so CloudWatch must be enabled in your AWS account.
An IAM role or user with the following permissions is required to read CloudWatch metrics:
- cloudwatch:GetMetricData
- cloudwatch:ListMetrics
- cloudwatch:GetMetricStatistics
Configuration Steps
Metrics Collected
| Name | Description | Data Type |
|---|---|---|
| DroppedPackets | Number of packets dropped due to rule actions. | UInt64 |
| InvalidDroppedPackets | Number of packets dropped for failing packet validation due to issues with the packet. | UInt64 |
| OtherDroppedPackets | Number of packets dropped due to reasons other than those described by InvalidDroppedPackets or DroppedPackets. | UInt64 |
| Packets | Number of packets inspected for a firewall policy or stateless rule group for which a custom action is defined. This metric is only used with the CustomAction dimension. | UInt64 |
| PassedPackets | Number of packets that the Network Firewall firewall allowed through to their destinations. | UInt64 |
| ReceivedPackets | Number of packets received by the Network Firewall firewall. | UInt64 |
| RejectedPackets | The number of packets rejected due to Reject stateful rule actions. For information about stateful actions, see Stateful actions. | UInt64 |
| StreamExceptionPolicyPackets | The number of packets matching the firewall policy's stream exception policy. | UInt64 |
| TLSDroppedPackets | Number of packets dropped by Network Firewall while inspecting SSL/TLS packets. | UInt64 |
| TLSErrors | Number of errors observed by Network Firewall while inspecting SSL/TLS packets. | UInt64 |
| TLSPassedPackets | Number of packets passed by Network Firewall while inspecting SSL/TLS packets. | UInt64 |
| TLSReceivedPackets | Number of SSL/TLS packets received by the Network Firewall firewall. | UInt64 |
| TLSRejectedPackets | Number of packets rejected by Network Firewall while inspecting SSL/TLS packets. | UInt64 |
| TLSRevocationStatusOKConnections | The number of SSL/TLS connections to TLS servers whose certificates have been confirmed as not revoked. | UInt64 |
| TLSRevocationStatusRevokedConnections | The number of SSL/TLS connections to TLS servers whose certificates have been confirmed as revoked. | UInt64 |
| TLSRevocationStatusUnknownConnections | The number of SSL/TLS connections to TLS servers whose certificates revocation status is unknown or could not be determined by the firewall. | UInt64 |
| TLSTimedOutConnections | Number of SSL/TLS connections that timed out during SSL/TLS inspection by Network Firewall. | UInt64 |
| Timestamp | Time at which the data was generated on the target machine | DateTime64 |
| host | Data collection host | String |
| Tenant Id | Tenant Id | LowCardinality(String) |
| BU Id | BU Id | LowCardinality(String) |
| Region | AWS Region | LowCardinality(String) |
| Engine | AWS Firewall Engine | LowCardinality(String) |
| Firewall Name | AWS Firewall Name | String |
| Availability Zone | AWS Availability Zone | LowCardinality(String) |
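The packet counters above are per-firewall, per-AZ, per-engine sums pulled from CloudWatch at each polling interval. The following added example (not vuSmartMaps or VuNet code) shows how a collector builds the GetMetricData queries for them and turns the response into a drop ratio; it assumes the AWS/NetworkFirewall namespace and the FirewallName, AvailabilityZone and Engine dimensions, and the response is constructed sample data.

```python
"""Query and parse AWS Network Firewall counters via CloudWatch GetMetricData.
Added example, not vuSmartMaps code. Assumes the AWS/NetworkFirewall namespace and
FirewallName/AvailabilityZone/Engine dimensions; SAMPLE_RESPONSE is constructed."""
NAMESPACE = "AWS/NetworkFirewall"
METRICS = ["ReceivedPackets", "PassedPackets", "DroppedPackets",
           "RejectedPackets", "InvalidDroppedPackets"]


def build_queries(firewall_name, az, engine, period_seconds):
    """One MetricDataQuery per counter; Period matches the polling frequency."""
    dims = [{"Name": "FirewallName", "Value": firewall_name},
            {"Name": "AvailabilityZone", "Value": az},
            {"Name": "Engine", "Value": engine}]       # "Stateful" or "Stateless"
    return [{
        "Id": "m_" + name.lower(),                     # query Ids must be lowercase
        "MetricStat": {
            "Metric": {"Namespace": NAMESPACE, "MetricName": name,
                       "Dimensions": dims},
            "Period": period_seconds,
            "Stat": "Sum",                             # packet counters: sum per period
        },
        "ReturnData": True,
    } for name in METRICS]


def parse_results(response):
    """Map query Id -> newest datapoint. CloudWatch omits counters with no
    traffic in the window, so an absent metric is read as 0, not an error."""
    totals = {"m_" + n.lower(): 0.0 for n in METRICS}
    for r in response.get("MetricDataResults", []):
        if r.get("Values"):
            totals[r["Id"]] = r["Values"][0]           # default ScanBy: newest first
    return totals


def drop_ratio(totals):
    """Share of received packets dropped or rejected; None when nothing received."""
    received = totals["m_receivedpackets"]
    if received == 0:
        return None
    blocked = (totals["m_droppedpackets"] + totals["m_rejectedpackets"]
               + totals["m_invaliddroppedpackets"])
    return blocked / received


# Constructed sample response, shaped like boto3's cloudwatch.get_metric_data().
SAMPLE_RESPONSE = {"MetricDataResults": [
    {"Id": "m_receivedpackets", "Values": [1000.0, 880.0]},
    {"Id": "m_passedpackets", "Values": [940.0]},
    {"Id": "m_droppedpackets", "Values": [50.0]},
    {"Id": "m_rejectedpackets", "Values": [10.0]},
]}
```

A sudden jump in the drop ratio for one engine or AZ is the kind of signal a dashboard built on these counters should alert on, while a ratio of None simply means the firewall saw no traffic in that polling window.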
