Great presentation Maritza! I am really excited to get started with AWS Network Firewall!
Great explanation on Network firewall
Awesome presentation.
Very informative presentation. Thanks so much.
It's our pleasure! 😀 🙌
In this video, around 19:42, it is said that SGs either Allow or Deny, which is incorrect. SGs only Allow (whitelist); there is no Deny option.
They do deny... just implicitly ;) .. if they didn't deny, everything would be permitted..
15:43 and how do I do that? How does one change the RT for the igw?
This is a great question. What in the actual F is an internet gateway route table?? IT DOESN'T EXIST!!
I actually found out eventually. You can create a route table and go to edge association, and associate to IGWs or VGWs.
@caiovitormoreira5445 Yup. I see that now too. My problem is now I'm trying to use transit gateway. So my original packet is coming from a different VPC, and the edge association won't let me add any VPC CIDR other than that VPC. So no clue how to give my other VPC a route back to the FW endpoint. The instructions for this service seem to be lacking pretty badly. But thanks for responding and helping out with that!
It seems Network Firewall is just better Network ACLs. Why would you use Network ACLs over Firewall?
Cost... The answer is always cost.
Nice work.