AWS Network Firewall
Introduction
AWS Network Firewall is a stateful, managed network firewall and intrusion detection and prevention service for the virtual private clouds (VPCs) that you create in Amazon Virtual Private Cloud (Amazon VPC).
Getting Started
Compatibility
vuSmartMaps supports monitoring both stateful and stateless firewall engines in your AWS Network Firewall.
Data Collection Method
vuSmartMaps collects health and performance data for the AWS Network Firewall O11ySource using an internal agent. The agent polls the source according to the configuration given below.
Prerequisites
Dependent Configuration
To configure this O11ySource, create a 'credential' of type 'aws' under the 'Definition' tab.
Inputs for Configuring Data Source
- Data Source Name: A name that uniquely identifies this data source.
- AWS Region: The AWS Region where the instance of this component is running. For example, for Asia Pacific (Mumbai) the region is ap-south-1.
- AWS Credential: The AWS credential that provides the Access key and Secret key used to access CloudWatch.
- Period (in minutes): The interval in minutes at which data is collected. Data collection occurs once every period. The period must be between 1 and 60 minutes.
Firewall Requirement
To collect data from this O11ySource, ensure the following ports are opened:
Source IP | Destination IP | Destination Port | Protocol | Direction |
---|---|---|---|---|
vuSmartMaps IP | AWS CloudWatch IPs | 443* | TCP | Outbound |
*Before providing the firewall requirements, please update the port based on the customer environment.
Configuring the Target
Health and performance metrics of AWS Network Firewall are collected through the CloudWatch service, so CloudWatch must be enabled in your AWS account.
An IAM role or user with the following permissions is required to access CloudWatch metrics:
- cloudwatch:GetMetricData
- cloudwatch:ListMetrics
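The two permissions above are enough for a read-only collector, and the Period input maps directly onto the CloudWatch `Period` parameter. The following example, added here and not part of the vuSmartMaps product or the original page, shows what such a collector does: it emits a least-privilege IAM policy with exactly those two actions, validates the 1-60 minute period, builds a `GetMetricData` request for the firewall metrics, and pages through the results. It assumes AWS's documented `AWS/NetworkFirewall` namespace with the `FirewallName`, `AvailabilityZone` and `Engine` dimensions; the column names in the metrics table below are the snake_case `_sum` form of those metric names. The CloudWatch client is injected, and a constructed stand-in is included so the block runs offline; with a real `boto3.client("cloudwatch")` the same `collect()` call works unchanged.

```python
"""Least-privilege CloudWatch collection for AWS Network Firewall metrics (added example)."""
import json
from datetime import datetime, timedelta, timezone

# Assumption: AWS's documented namespace and metric names for Network Firewall.
# Column name (as in the metrics table) -> CloudWatch MetricName. The remaining
# tls_* columns map the same way (e.g. tls_errors_sum -> TLSErrors).
NAMESPACE = "AWS/NetworkFirewall"
METRICS = {
    "dropped_packets_sum": "DroppedPackets",
    "passed_packets_sum": "PassedPackets",
    "received_packets_sum": "ReceivedPackets",
    "rejected_packets_sum": "RejectedPackets",
    "tls_errors_sum": "TLSErrors",
}


def least_privilege_policy() -> dict:
    """IAM policy granting only the two read actions the collector needs."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["cloudwatch:GetMetricData", "cloudwatch:ListMetrics"],
            # These two CloudWatch actions do not support resource-level scoping.
            "Resource": "*",
        }],
    }


def validate_period_minutes(period: int) -> int:
    """Enforce the documented 1-60 minute range; return the period in seconds."""
    if not isinstance(period, int) or not 1 <= period <= 60:
        raise ValueError("Period must be an integer between 1 and 60 minutes")
    return period * 60


def build_queries(firewall_name: str, availability_zone: str, engine: str,
                  period_minutes: int) -> list:
    """One MetricDataQuery per column, using the table's column name as the Id."""
    period = validate_period_minutes(period_minutes)
    dims = [
        {"Name": "FirewallName", "Value": firewall_name},
        {"Name": "AvailabilityZone", "Value": availability_zone},
        {"Name": "Engine", "Value": engine},  # "Stateful" or "Stateless"
    ]
    return [
        {
            "Id": column,  # Ids must start with a lowercase letter; the column names do
            "MetricStat": {
                "Metric": {"Namespace": NAMESPACE, "MetricName": name, "Dimensions": dims},
                "Period": period,
                "Stat": "Sum",
            },
            "ReturnData": True,
        }
        for column, name in METRICS.items()
    ]


def collect(client, firewall_name: str, availability_zone: str, engine: str,
            period_minutes: int = 5) -> dict:
    """Sum each metric over the last period, following NextToken until exhausted."""
    end = datetime.now(timezone.utc)
    start = end - timedelta(minutes=period_minutes)
    queries = build_queries(firewall_name, availability_zone, engine, period_minutes)
    kwargs = {"MetricDataQueries": queries, "StartTime": start, "EndTime": end}
    totals = {q["Id"]: 0.0 for q in queries}
    while True:
        resp = client.get_metric_data(**kwargs)
        for result in resp.get("MetricDataResults", []):
            totals[result["Id"]] += sum(result.get("Values", []))
        token = resp.get("NextToken")
        if not token:
            return totals
        kwargs["NextToken"] = token


class FakeCloudWatch:
    """Constructed stand-in for boto3's CloudWatch client: two pages of results."""

    def __init__(self):
        self.calls = 0

    def get_metric_data(self, **kwargs):
        self.calls += 1
        if "NextToken" not in kwargs:
            return {"MetricDataResults": [{"Id": "passed_packets_sum", "Values": [120.0, 80.0]}],
                    "NextToken": "page-2"}
        return {"MetricDataResults": [{"Id": "dropped_packets_sum", "Values": [3.0]}]}


if __name__ == "__main__":
    print(json.dumps(least_privilege_policy(), indent=2))
    print(collect(FakeCloudWatch(), "example-firewall", "ap-south-1a", "Stateful", 5))
```

Keeping `Stat` at `Sum` and `Period` equal to the collection interval means each poll returns one datapoint per metric, which is what a `_sum` column represents; a period outside 1-60 minutes is rejected before any API call is made.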
Configuration Steps
- Enable the AWS Network Firewall O11ySource.
- Select the Sources tab and press the + button to add a new instance to be monitored.
- Populate all the configurations, then click Save to create the instance.
Metrics Collected
Name | Description | Data Type |
---|---|---|
dropped_packets_sum | Total number of packets dropped by the system. | UInt64 |
invalid_dropped_packets_sum | Total number of invalid packets that were dropped. | UInt64 |
other_dropped_packets_sum | Total number of packets dropped for other unspecified reasons. | UInt64 |
packets_sum | Total number of packets processed by the system. | UInt64 |
passed_packets_sum | Total number of packets that successfully passed through the firewall. | UInt64 |
received_packets_sum | Total number of packets received by the system. | UInt64 |
rejected_packets_sum | Total number of packets rejected by the firewall. | UInt64 |
stream_exception_policy_packets_sum | Total number of packets dropped due to stream exception policies. | UInt64 |
tls_dropped_packets_sum | Total number of TLS packets dropped by the system. | UInt64 |
tls_errors_sum | Total number of errors encountered during TLS packet processing. | UInt64 |
tls_passed_packets_sum | Total number of TLS packets successfully processed and passed. | UInt64 |
tls_received_packets_sum | Total number of TLS packets received by the system. | UInt64 |
tls_rejected_packets_sum | Total number of TLS packets rejected by the firewall. | UInt64 |
tls_revocation_status_ok_connections_sum | Total number of connections with an OK revocation status. | UInt64 |
tls_revocation_status_revoked_connections_sum | Total number of connections with a revoked revocation status. | UInt64 |
tls_revocation_status_Unknown_connections_sum | Total number of connections with an unknown revocation status. | UInt64 |
tls_timed_out_connections_sum | Total number of connections that timed out during TLS processing. | UInt64 |
timestamp | The timestamp of the data record in high precision. | DateTime64 |
host | The hostname of the system where the data was collected. | String |
tenant_id | The identifier for the tenant associated with the data. | LowCardinality(String) |
bu_id | The business unit identifier associated with the data. | LowCardinality(String) |
region | The geographical region where the system is located. | LowCardinality(String) |
engine | The engine or technology managing the firewall (e.g., software version). | LowCardinality(String) |
firewall_name | The name of the firewall device. | String |
availability_zone | The availability zone where the system or firewall resides. | LowCardinality(String) |