Network misconfigurations

Amazon Network Firewall policies default stateless action for full packets should be drop or forward

Platform(s)
Compliance Frameworks

Description

A firewall policy defines how your firewall monitors and handles traffic in Amazon VPC. You configure stateless and stateful rule groups to filter packets and traffic flows. It was detected that the Network Firewall policy '{AwsNetworkFirewallPolicy}' is set to pass. Defaulting to Pass can allow unintended traffic.

  • Recommended Mitigation

    It is recommended to set the default stateless action for full packets for a Network Firewall policy as drop or forward

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.