This article explains how AWS Network Firewall managed rules protect SAP deployments on AWS, covering AWS-managed and partner-provided security rules.

• AWS Managed Rules provide ready-to-use, automatically updated firewall rules at no cost
• Domain List Rules block traffic to malware, botnet, and compromised domains
• Threat Signature Rules detect botnets, DoS attacks, exploits, malware, phishing, and web attacks
• Custom Firewall Rules use stateless and stateful engines with Suricata-compatible rules
• Fortinet Managed IPS Rules offer 60+ SAP-specific signatures for advanced threat prevention
• Test rules in staging environment first to avoid blocking legitimate SAP traffic
• Combine AWS WAF, Network Firewall, and security groups based on use case
• Avoid inspecting traffic between SAP application and database components for performance

AWS Network Firewall with managed rules provides layered protection for SAP systems against known and emerging threats while reducing implementation overhead.