---
title: "Amazon Web Services (AWS) Cloud Technology launches a preview version of AWS Network Firewall Proxy, simplifying managed outbound security"
type: "News"
locale: "en"
url: "https://longbridge.com/en/news/271165123.md"
description: "Amazon Web Services (AWS) Cloud Technology has launched a preview version of the AWS Network Firewall proxy, aimed at simplifying managed outbound security. This service integrates with the NAT Gateway, allowing users to manage security policies for VPC outbound access. The proxy employs a three-stage model to evaluate traffic and supports TLS interception and direct encrypted tunnels. Although this service can reduce management burdens in centralized settings, it currently only supports HTTP/HTTPS traffic, limiting its universality"
datetime: "2025-12-30T18:51:00.000Z"
locales:
  - [zh-CN](https://longbridge.com/zh-CN/news/271165123.md)
  - [en](https://longbridge.com/en/news/271165123.md)
  - [zh-HK](https://longbridge.com/zh-HK/news/271165123.md)
---

# Amazon Web Services (AWS) Cloud Technology launches a preview version of AWS Network Firewall Proxy, simplifying managed outbound security

Amazon Web Services (AWS) recently launched a preview version of the AWS Network Firewall Proxy, a managed service for proxy management and deployment. According to the company, this service allows customers to focus more on managing the security policies for their VPC outbound access.

The Network Firewall Proxy integrates with the NAT Gateway service, which runs within the VPC and handles IP address translation for outbound traffic. Users' applications can connect to the proxy from local and remote VPCs through specific VPC interface endpoints supported by the proxy.

Unlike traditional transparent firewalls, this proxy inspects network traffic by handling HTTP CONNECT requests and establishing connections on behalf of applications.
It employs a sequential three-stage model to evaluate traffic:

Access rules can be applied at each stage; if traffic is blocked in an earlier stage, subsequent stages are not triggered, optimizing processing efficiency.

Users can configure the Network Firewall Proxy to intercept TLS or allow TLS to pass through without processing. If TLS interception is enabled, the proxy generates certificates for the target address, enabling it to inspect HTTP layer content and apply policies. However, workloads must trust the certificate authority of the proxy. Conversely, when interception is disabled, an end-to-end encrypted tunnel is established directly between the workload and the destination, preventing the proxy from decrypting the payload and limiting policy enforcement to unencrypted metadata such as DNS, IP addresses, or SNI.

Architecturally, the service supports both distributed (per VPC) and centralized models. In a centralized setup, engineers can route outbound traffic from multiple VPCs to a single proxy endpoint using Transit Gateway or Cloud WAN, significantly reducing the management burden of patching and scaling traditional self-hosted Squid clusters. However, as Ivo Pinto pointed out, a key limitation is that the proxy is only applicable to HTTP/HTTPS traffic, making it a specialized tool rather than a general-purpose network firewall.

In a blog post about the Network Firewall Proxy, the author wrote: Currently, the service is in preview.
Kayesee commented in a Reddit discussion:

Finally, more details about the proxy can be found at