---
title: AWS Network Firewall
description: A stateful service that filters traffic at the perimeter of your VPC.
---

# AWS Network Firewall
Integration version 1.0.0
## Overview{% #overview %}

AWS Network Firewall is a stateful service that allows customers to filter traffic at the perimeter of their VPC.

Enable this integration to see all of your AWS Network Firewall metrics in Datadog.

## Setup{% #setup %}

### Installation{% #installation %}

If you haven't already, set up the [Amazon Web Services integration](https://docs.datadoghq.com/integrations/amazon_web_services/) first.

### Metric collection{% #metric-collection %}

1. In the [AWS integration page](https://app.datadoghq.com/integrations/amazon-web-services), ensure that `Network Firewall` is enabled under the `Metric Collection` tab.

1. Install the [Datadog - AWS Network Firewall integration](https://app.datadoghq.com/integrations/amazon-network-firewall).

### Log collection{% #log-collection %}

#### Enable logging{% #enable-logging %}

Configure AWS Network Firewall to send logs either to an S3 bucket or to CloudWatch.

**Note**: If you log to an S3 bucket, make sure that `amazon_network_firewall` is set as *Target prefix*.
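As an added example (not part of the Datadog or AWS documentation), the following check reads a firewall's logging configuration and reports any log type whose destination does not match the setup described above. The field names follow the output of `aws network-firewall describe-logging-configuration`; the sample values, and treating a leading or trailing `/` on the prefix as insignificant, are assumptions.

```python
EXPECTED_PREFIX = "amazon_network_firewall"  # Target prefix required by the note above

# Constructed sample shaped like describe-logging-configuration output.
# The ARN, bucket name and second prefix are made up for illustration.
SAMPLE = {
    "FirewallArn": "arn:aws:network-firewall:us-east-1:111122223333:firewall/example-fw",
    "LoggingConfiguration": {
        "LogDestinationConfigs": [
            {"LogType": "ALERT", "LogDestinationType": "S3",
             "LogDestination": {"bucketName": "example-nfw-logs",
                                "prefix": "amazon_network_firewall"}},
            {"LogType": "FLOW", "LogDestinationType": "S3",
             "LogDestination": {"bucketName": "example-nfw-logs",
                                "prefix": "nfw/flow"}},
        ]
    },
}


def check_logging(described):
    """Return a list of (log_type, problem) findings; an empty list means OK."""
    cfg = described.get("LoggingConfiguration") or {}
    dests = cfg.get("LogDestinationConfigs") or []
    if not dests:
        # Logging was never enabled, so there is nothing to forward.
        return [("*", "no log destination configured")]
    findings = []
    for dest in dests:
        log_type = dest.get("LogType", "?")
        kind = dest.get("LogDestinationType")
        target = dest.get("LogDestination") or {}
        if kind == "S3":
            prefix = target.get("prefix", "").strip("/")
            if prefix != EXPECTED_PREFIX:
                findings.append(
                    (log_type, f"S3 prefix is {prefix!r}, expected {EXPECTED_PREFIX!r}"))
        elif kind == "CloudWatchLogs":
            if not target.get("logGroup"):
                findings.append((log_type, "CloudWatch destination has no logGroup"))
        else:
            # This page only covers S3 and CloudWatch as log destinations.
            findings.append((log_type, f"destination type {kind!r} is not S3 or CloudWatch"))
    return findings


if __name__ == "__main__":
    for log_type, problem in check_logging(SAMPLE):
        print(f"{log_type}: {problem}")
```
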

#### Send logs to Datadog{% #send-logs-to-datadog %}

1. If you haven't already, set up the [Datadog Forwarder Lambda function](https://docs.datadoghq.com/logs/guide/forwarder/).

1. Once the Lambda function is installed, manually add a trigger on the S3 bucket or CloudWatch log group that contains your AWS Network Firewall logs in the AWS console:

   - [Add a manual trigger on the S3 bucket](https://docs.datadoghq.com/logs/guide/send-aws-services-logs-with-the-datadog-lambda-function/#collecting-logs-from-s3-buckets)
   - [Add a manual trigger on the CloudWatch Log Group](https://docs.datadoghq.com/logs/guide/send-aws-services-logs-with-the-datadog-lambda-function/#collecting-logs-from-cloudwatch-log-group)

## Data Collected{% #data-collected %}

### Metrics{% #metrics %}

| Metric | Description |
| --- | --- |
| **aws.networkfirewall.dropped\_packets** (gauge) | The number of packets dropped by a firewall rule. *Shown as packet* |
| **aws.networkfirewall.passed\_packets** (gauge) | The number of packets forwarded on by the firewall. *Shown as packet* |
| **aws.networkfirewall.received\_packets** (gauge) | The number of packets received by the firewall. *Shown as packet* |

Each of the metrics retrieved from AWS is assigned the same tags that appear in the AWS console, including, but not limited to, host name and security-groups.

### Events{% #events %}

The AWS Network Firewall integration does not include any events.

### Service Checks{% #service-checks %}

The AWS Network Firewall integration does not include any service checks.

## Troubleshooting{% #troubleshooting %}

Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).
