This article announces AWS Virtual Private Gateway (VGW) Ingress Routing support for Gateway Load Balancer, enabling traffic inspection at VPC entry points.

• VGW Ingress Routing now supports Gateway Load Balancer Endpoints as next-hop targets
• Inspect incoming traffic from VPN or Direct Connect before reaching protected subnets
• Works with AWS Network Firewall and third-party virtual appliances like NGFWs and IDS/IPS
• Eliminates need for Transit Gateway workarounds, reducing costs and latency
• Supports three deployment scenarios: GWLB with third-party appliances, AWS Network Firewall, and combined IGW/VGW routing
• GWLBE must be in same VPC as VGW; no additional costs; available in all AWS regions

This enhancement simplifies centralized traffic inspection for hybrid connectivity by allowing direct steering of ingress traffic through security appliances without Transit Gateway overhead.