AWS Security ChangesHomeSearch

AWS network-firewall documentation change

Service: network-firewall · 2025-03-23 · Documentation low

File: network-firewall/latest/developerguide/what-is-aws-network-firewall.md

Summary

Added detailed definitions for 'Flows' and 'Firewall state table', restructured Suricata version note into a highlighted section with updated documentation link

Security assessment

Changes focus on clarifying existing functionality and documentation structure. No evidence of addressing a specific security vulnerability or weakness. Added concepts are operational explanations rather than security features.

Diff

diff --git a/network-firewall/latest/developerguide/what-is-aws-network-firewall.md b/network-firewall/latest/developerguide/what-is-aws-network-firewall.md
index d528f02f6..54bf8fe0e 100644
--- a/network-firewall/latest/developerguide/what-is-aws-network-firewall.md
+++ b/network-firewall/latest/developerguide/what-is-aws-network-firewall.md
@@ -11 +11,5 @@ AWS Network Firewall is a stateful, managed, network firewall and intrusion dete
-Network Firewall uses the open source intrusion prevention system (IPS), Suricata, for stateful inspection, and supports Suricata compatible rules. AWS Network Firewall supports Suricata version 7.0. For more information, see [Working with stateful rule groups in AWS Network Firewall](./stateful-rule-groups-ips.html) and the [Suricata website](https://suricata.io/). 
+Network Firewall uses the open source intrusion prevention system (IPS), Suricata, for stateful inspection, and supports Suricata compatible rules. For more information, see [Working with stateful rule groups in AWS Network Firewall](./stateful-rule-groups-ips.html).
+
+###### Note
+
+AWS Network Firewall supports Suricata version 7.0. This section and others that describe Suricata-based concepts are not intended to replace or duplicate information from the Suricata documentation. For more information, see the [Suricata website](https://docs.suricata.io/en/suricata-7.0.0/).
@@ -87,0 +92,6 @@ The following are the key concepts for Network Firewall:
+  * **Flows** – Network traffic that is monitored by a firewall, either by stateful or stateless rules. For traffic to be considered part of a flow, it must share Destination, DestinationPort, Direction, Protocol, Source, and SourcePort with other traffic. Flows that are processed by the firewall are tracked in the firewall state table and are visible in flow logs.
+
+  * **Firewall state table** – Table where Network Firewall tracks and maintains information about network traffic flows. The firewall state table only tracks flows that are processed by stateful rules. When traffic matches the criteria in a stateful rule, the firewall creates a flow entry in the firewall state table. These entries persist until they are either removed using a flow flush operation, naturally terminate, or time out due to inactivity. You can manage the firewall state table using specific operations. This is also known as the firewall table or state table.
+
+For information, see [Flow operations in your firewall](./firewall-flow-operations.html).
+