Architecture with an internet gateway and a NAT gateway - Amazon Network Firewall
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Architecture with an internet gateway and a NAT gateway

You can add a network address translation (NAT) gateway to your Amazon Network Firewall architecture, for the areas of your VPC where you need NAT capabilities. Amazon provides NAT gateways decoupled from your other cloud services, so you can use it in your architecture only where you need it. This can help you reduce load and load costs. For information about NAT gateways, see NAT gateways in the Amazon Virtual Private Cloud User Guide.

The following figure depicts a VPC configuration for Network Firewall with an internet gateway and a NAT gateway.