Network misconfigurations

Amazon Network Firewall policies default stateless action for full packets should be drop or forward

Platform(s)

Description

A firewall policy defines how your firewall monitors and handles traffic in Amazon VPC. You configure stateless and stateful rule groups to filter packets and traffic flows, and the policy's default stateless actions decide what happens to a packet that no stateless rule matches. It was detected that the Network Firewall policy '{AwsNetworkFirewallPolicy}' has its default stateless action for full packets set to pass. Defaulting to pass lets unmatched traffic through without stateful inspection and can allow unintended traffic.
  • Recommended Mitigation

    It is recommended to set the default stateless action for full packets of the Network Firewall policy to drop (aws:drop) or forward to the stateful engine (aws:forward_to_sfe) rather than pass (aws:pass).
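The check behind this finding and the shape of the fix, as an added example that is not part of the original finding text or of any vendor tooling. It evaluates the FirewallPolicy document that the Network Firewall DescribeFirewallPolicy API returns (the StatelessDefaultActions list), flags policies whose default full-packet action is aws:pass, and builds the corrected document with aws:drop or aws:forward_to_sfe. The sample policies are constructed; the live scan at the bottom assumes boto3 and AWS credentials are available and is only run when the script is executed directly.

```python
"""Detect and remediate Network Firewall policies whose default stateless
action for full packets is aws:pass.

Added example (not the page's or AWS's own code). Assumes the FirewallPolicy
document shape returned by DescribeFirewallPolicy: the standard action sits
in the StatelessDefaultActions list alongside any custom actions.
"""
import copy

PASS = "aws:pass"
DROP = "aws:drop"
FORWARD = "aws:forward_to_sfe"
ACCEPTABLE = {DROP, FORWARD}
STANDARD = ACCEPTABLE | {PASS}

# Constructed sample policies, keyed by policy name (not real account data).
SAMPLE_POLICIES = {
    "allow-all-default": {
        "StatelessDefaultActions": ["aws:pass"],
        "StatelessFragmentDefaultActions": ["aws:pass"],
        "StatelessRuleGroupReferences": [],
    },
    "inspect-default": {
        "StatelessDefaultActions": ["aws:forward_to_sfe", "metrics-action"],
        "StatelessFragmentDefaultActions": ["aws:forward_to_sfe"],
        "StatelessCustomActions": [{"ActionName": "metrics-action"}],
    },
    "deny-default": {
        "StatelessDefaultActions": ["aws:drop"],
        "StatelessFragmentDefaultActions": ["aws:drop"],
    },
}


def default_full_packet_action(policy):
    """Return the standard default action for full packets, or None.

    Only one of aws:pass / aws:drop / aws:forward_to_sfe may appear; any
    other entry in the list is a custom action (e.g. a metrics action) and
    does not decide the packet's fate.
    """
    for action in policy.get("StatelessDefaultActions", []):
        if action in STANDARD:
            return action
    return None


def evaluate_policy(name, policy):
    """Return a finding dict when the policy defaults to pass, else None."""
    action = default_full_packet_action(policy)
    if action == PASS:
        return {
            "policy": name,
            "issue": "default stateless action for full packets is aws:pass",
            "current": action,
        }
    return None


def evaluate_all(policies):
    """Evaluate a {name: FirewallPolicy} mapping and return all findings."""
    findings = []
    for name, policy in policies.items():
        finding = evaluate_policy(name, policy)
        if finding:
            findings.append(finding)
    return findings


def remediate_policy(policy, new_action=DROP):
    """Return a copy of the policy with aws:pass replaced by new_action.

    Custom actions in the list are preserved, so the corrected document can
    be sent back as-is with UpdateFirewallPolicy.
    """
    if new_action not in ACCEPTABLE:
        raise ValueError(f"new_action must be one of {sorted(ACCEPTABLE)}")
    fixed = copy.deepcopy(policy)
    fixed["StatelessDefaultActions"] = [
        new_action if a == PASS else a
        for a in fixed.get("StatelessDefaultActions", [])
    ]
    return fixed


def scan_account(region):
    """Live scan of one region; requires boto3 and AWS credentials."""
    import boto3  # imported here so the pure checks above run offline

    nf = boto3.client("network-firewall", region_name=region)
    findings, kwargs = [], {}
    while True:  # manual NextToken loop over ListFirewallPolicies
        page = nf.list_firewall_policies(**kwargs)
        for meta in page.get("FirewallPolicies", []):
            resp = nf.describe_firewall_policy(FirewallPolicyArn=meta["Arn"])
            finding = evaluate_policy(meta["Name"], resp["FirewallPolicy"])
            if finding:
                findings.append(finding)
        if not page.get("NextToken"):
            return findings
        kwargs["NextToken"] = page["NextToken"]


if __name__ == "__main__":
    for f in evaluate_all(SAMPLE_POLICIES):
        print(f"{f['policy']}: {f['issue']}")
        print("  corrected:", remediate_policy(SAMPLE_POLICIES[f["policy"]]))
```

The choice between aws:drop and aws:forward_to_sfe is a design decision: drop is the safer default when the stateless rule groups are meant to be a complete allow list, while forward_to_sfe is the right default when stateful rule groups carry the real inspection logic and unmatched packets should still be inspected rather than silently allowed. Either value clears this finding; the StatelessFragmentDefaultActions list deserves the same review.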