Network misconfigurations

Stateless Network Firewall rule group should not be empty

Platform(s)
Compliance Frameworks

Description

A rule group contains rules that define how your firewall processes traffic in your VPC. It was detected that the Network Firewall rule group '{AwsNetworkFirewallRuleGroup}' is empty. An empty stateless rule group, when present in a firewall policy, might give the impression that the rule group will process traffic. However, when the stateless rule group is empty, it does not process traffic.

  • Recommended Mitigation

    It is recommended to to add a rule group to a Network Firewall policy

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.