New Features - Cloud NGFW for AWS - March 2026

Cloud NGFW for AWS now supports IPv6 dual-stack (IPv4 + IPv6) traffic inspection to address the growing need for comprehensive security coverage as organizations migrate to IPv6-enabled infrastructures. Many cloud environments now run dual-stack configurations to support both legacy IPv4 systems and modern IPv6 services, but protecting both protocol types simultaneously has required complex workarounds or separate security solutions. With this feature, you can enable AWS Network Firewall endpoints to filter both IPv4 and IPv6 traffic in dual-stack subnets and VPCs, ensuring consistent security policies across your entire network infrastructure.

This unified approach simplifies your security architecture by eliminating the need for separate firewall configurations for each IP protocol version. You can now deploy a single security policy that protects all traffic types, reducing operational complexity and ensuring no security gaps exist between your IPv4 and IPv6 communications. The feature seamlessly integrates with your existing Cloud NGFW configurations, allowing you to extend protection to IPv6 traffic without disrupting current security policies.

For more information, see Configure Egress NAT and Create a Cloud NGFW for AWS Resource.