Inspecting SSL/TLS traffic with TLS inspection configurations

Amazon Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must import or provision certificates to Amazon Certificate Manager, create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall.

Topics

Considerations when working with TLS inspection configurations
Pricing for TLS inspection configurations
Using SSL/TLS certificates with TLS inspection configurations
TLS inspection configuration settings
Managing your TLS inspection configuration in Network Firewall

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Deleting a resource group

Considerations when working with TLS inspection configurations