AWS Network Firewall updates default drop action for improved connection reliability
AWS Network Firewall now uses "Application drop established (server-directed only)" as the default stateful action for all newly created firewall policies, replacing the previous default of "Application drop established (bidirectional)" (formerly named "Application layer drop established"). No action is required to benefit from this change when creating new policies. AWS Network Firewall is a managed service that lets you deploy network protections across your Amazon VPCs. Previously, the “Application drop established (bidirectional)” default could silently drop legitimate server-to-client TCP
AWS is continuously refining its services to improve reliability and user experience based on operational feedback.
This update primarily addresses a technical detail in network firewall policy, reducing potential configuration issues for new deployments.
New AWS Network Firewall policies will now have a more robust default behavior for handling established connections, reducing silent packet drops.
- AWS customers
Newly created AWS Network Firewall policies will exhibit improved connection reliability and fewer unexpected drops.
Network engineers managing AWS environments may experience a slight reduction in debugging time for connectivity issues related to firewall configuration.
The overall operational stability of applications hosted on AWS could marginally improve due to better default network security configurations.
Read at AWS What's New