AWS network-firewall documentation change
Summary
Updated session-holding incompatibility note to include server-directed rules
Security assessment
Aligns with previous change by documenting expanded limitations of security features, but lacks evidence of vulnerability remediation.
Diff
diff --git a/network-firewall/latest/developerguide/suricata-limitations-caveats.md b/network-firewall/latest/developerguide/suricata-limitations-caveats.md index e5c791b11..5abfba5a7 100644 --- a//network-firewall/latest/developerguide/suricata-limitations-caveats.md +++ b//network-firewall/latest/developerguide/suricata-limitations-caveats.md @@ -45 +45 @@ The following Suricata features are not supported by Network Firewall: - * Application Layer drop established default rules are incompatible with a session-holding configuration. You can read more at [Managing evaluation order for Suricata compatible rules in AWS Network Firewall.](https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html) + * Application drop established (bidirectional) and Application drop established (server-directed only) default rules are incompatible with a session-holding configuration. You can read more at [Managing evaluation order for Suricata compatible rules in AWS Network Firewall.](https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html)