AWS Network Firewall metrics

Once you’ve integrated with AWS CloudWatch, you have access to all metrics for AWS Network Firewall, a managed firewall service that protects Amazon VPCs.

You can create a pre-built dashboard for this integration when you add the integration to Cloud Observability or from the Dashboard list view.

To verify metrics are reporting, search for the metrics on the Metric details page in Settings.

The following table shows the Network Firewall metrics ingested by Cloud Observability.

| Metric Name | Unit | Description |
| --- | --- | --- |
| aws.networkfirewall.dropped_packets | count | The number of packets dropped as a result of rule actions. |
| aws.networkfirewall.invalid_dropped_packets | count | The number of packets dropped for failing packet validation due to issues with the packet. |
| aws.networkfirewall.other_dropped_packets | count | The total number of packets dropped for reasons other than those listed in InvalidDroppedPackets or DroppedPackets. |
| aws.networkfirewall.packets | count | The number of packets that are inspected for a firewall policy or stateless rule group that has a custom action defined. |
| aws.networkfirewall.passed_packets | count | The number of packets allowed through the Network Firewall to their destinations. |
| aws.networkfirewall.received_packet_count | count | The number of packets received by the Network Firewall. |
| aws.networkfirewall.availability_zone | zone | The Region's Availability Zone where the Network Firewall is active. |

See also

Ingest metrics from Amazon

Create and manage dashboards

Create alerts

Updated Dec 20, 2022