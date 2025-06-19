Choose the right firewall for your environment.

One of the primary challenges that cloud customers face is ensuring enterprise-grade security between their AWS organisation’s virtual private clouds (VPCs) and external networks. A common approach to enhance the security within the customers' AWS landing zone is to implement a centralised firewall to control and inspect network traffic flows.

One way to strengthen security is by using a hub-and-spoke architecture whereby the solution integrates easily with other cloud-native resources – a great example of this is AWS Transit Gateway. This design routes all VPC traffic through the centralised firewall for inspection, offering better control and visibility across the environment.

“At BBD, we specialise in building secure, scalable cloud environments using infrastructure as code (IAC),” says Warren Gurney, AWS solutions architect at BBD Cloud Solutions. “Our approach ensures fast, repeatable deployments using pre-built Terraform modules.”

Clayton York, also an AWS Solutions Architect at BBD, adds: “We’ve successfully implemented a range of firewall solutions for enterprise clients using our proven Terraform IAC templates.”

These templates allow for quick provisioning of landing zones that support:

AWS Network Firewall

FortiGate Firewalls

FortiWeb Web Application Firewalls (WAFs)

In this press release, Gurney and York – both certified AWS Solutions Architect Professionals and AWS Network Specialists – explore how to choose the right firewall for your environment and how BBD Cloud Solutions can support your security journey.

Key considerations when choosing a firewall solution

When selecting a firewall solution for your AWS environment, it's important to weigh a few key factors to ensure the right fit for your business:

Architectural familiarity: Choose a solution aligned with the skills and preferences of your existing teams Centralised vs decentralised models: Centralised architectures simplify management and policy enforcement. They also tend to be more cost-effective and easier to monitor at scale. Cost implications: Be conscious of costs, including infrastructure costs, data transfer charges and licensing/subscription fees

Recommended firewall options

Choosing the right firewall solution depends on your organisation’s architecture, security requirements and team expertise. Here’s a quick comparison of the most common choices:

1. AWS Network Firewall

For organisations looking to stay entirely within the AWS ecosystem, AWS Network Firewall offers a fully managed, scalable solution that integrates seamlessly into IAC workflows.

2. FortiGate Firewall by Fortinet

Deployed in an Active/Standby configuration, FortiGate is a robust, enterprise-grade solution that brings familiar security features and flexibility to AWS environments.

3. Ingress Web Application Firewall (WAF)

For protecting web-facing applications, two key options exist depending on your team’s preferences and the desired level of control.

AWS Application Load Balancer + AWS WAF

AWS Network Load Balancer + FortiWeb

“We’re seeing more clients opting for FortiGate,” Gurney notes, “largely because their internal teams are already familiar with the Fortinet ecosystem. That existing knowledge helps accelerate implementation and streamlines operations.”

That said, the right choice ultimately depends on your business needs, technical landscape and cost tolerance.

How BBD Cloud Solutions can help

BBD’s Cloud Solutions team offers enterprise-grade security implementations tailored to your specific architecture and business requirements. Using BBD's battle-tested Terraform modules, the company enables rapid provisioning, automated deployments and full integration into your existing CI/CD pipelines.

Whether you're migrating workloads, scaling operations or fortifying your cloud infrastructure – BBD has got you covered with secure, scalable firewall solutions designed for AWS.

Want to learn more or get started with a secure cloud solution? Contact BBD's Cloud Solutions team today.