
Set Default Stateless Action to Drop or Forward for Network Firewall

Ensures that the default stateless action for full packets in Network Firewall policies is set to drop or forward, enhancing security.

Rule: The default stateless action for Network Firewall policies should be drop or forward for full packets
Framework: AWS Foundational Security Best Practices
Severity: Medium

Default Action for Network Firewall Policies in AWS

In accordance with AWS Foundational Security Best Practices, the default stateless action for full packets in a Network Firewall policy should be set to "drop", so that a packet matching none of the stateless rules is discarded rather than passed. Alternatively, the action can be set to "forward", which hands unmatched full packets to the stateful rule engine for further inspection, where specific use cases and requirements call for it.

Troubleshooting Steps

If there are any issues related to the default stateless action in the Network Firewall policies, follow these troubleshooting steps:

  1. Verification: Check the current default stateless action configured in the Network Firewall policies.
  2. Policy Evaluation: Review the policy rules to ensure that the default action aligns with the security requirements.
  3. Logging and Monitoring: Monitor the Network Firewall logs for any dropped or forwarded packets to identify any potential issues.
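To automate the Verification step above, the following is an added example (not Cloud Defense's own code) that evaluates the StatelessDefaultActions field of each policy as returned by DescribeFirewallPolicy. The sample policies are constructed, the helper names are assumptions, and the boto3 calls follow the public network-firewall API.

```python
"""Audit the stateless default action for full packets in Network Firewall policies."""
COMPLIANT_ACTIONS = {"aws:drop", "aws:forward_to_sfe"}  # the two values the control accepts


def evaluate_policy(firewall_policy: dict) -> tuple[bool, str]:
    """Evaluate the FirewallPolicy object returned by DescribeFirewallPolicy.

    Returns (compliant, reason). Only aws:drop or aws:forward_to_sfe passes;
    aws:pass fails, and a custom (metrics-only) action on its own also fails,
    because it does not decide the fate of unmatched full packets.
    """
    actions = firewall_policy.get("StatelessDefaultActions", [])
    if not actions:
        return False, "no StatelessDefaultActions configured"
    if "aws:pass" in actions:
        return False, "aws:pass lets unmatched full packets through uninspected"
    matched = COMPLIANT_ACTIONS.intersection(actions)
    if not matched:
        return False, f"{actions} contains no drop or forward action"
    return True, f"default action {sorted(matched)[0]} is compliant"


def audit_region(region: str) -> list[dict]:
    """List and evaluate every policy in one region (needs AWS credentials and boto3)."""
    import boto3  # imported lazily so evaluate_policy can run without AWS access
    client = boto3.client("network-firewall", region_name=region)
    findings, kwargs = [], {}
    while True:  # ListFirewallPolicies pages with NextToken
        page = client.list_firewall_policies(**kwargs)
        for meta in page.get("FirewallPolicies", []):
            policy = client.describe_firewall_policy(FirewallPolicyArn=meta["Arn"])
            ok, reason = evaluate_policy(policy["FirewallPolicy"])
            findings.append({"name": meta["Name"], "compliant": ok, "reason": reason})
        if not page.get("NextToken"):
            return findings
        kwargs = {"NextToken": page["NextToken"]}


# Constructed sample policies (not real account data) exercising each outcome.
SAMPLE_POLICIES = {
    "prod-drop": {"StatelessDefaultActions": ["aws:drop"], "StatelessFragmentDefaultActions": ["aws:drop"]},
    "prod-forward": {"StatelessDefaultActions": ["aws:forward_to_sfe", "count-metric"]},
    "legacy-pass": {"StatelessDefaultActions": ["aws:pass", "count-metric"]},
    "metrics-only": {"StatelessDefaultActions": ["count-metric"]},
}

if __name__ == "__main__":
    for name, policy in SAMPLE_POLICIES.items():
        ok, reason = evaluate_policy(policy)
        print(f"{name:14} {'PASS' if ok else 'FAIL'}  {reason}")
```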

Necessary Codes

If you need to update the default stateless action in the Network Firewall policies, you can use the following AWS CLI command:

# The update token comes from describe-firewall-policy; the JSON below replaces
# the whole FirewallPolicy object, so keep any existing rule group references in it.
aws network-firewall update-firewall-policy \
  --firewall-policy-arn arn:aws:network-firewall:us-west-2:123456789012:firewall-policy/policy-12345 \
  --update-token <update-token-from-describe-firewall-policy> \
  --firewall-policy '{"StatelessDefaultActions":["aws:drop"],"StatelessFragmentDefaultActions":["aws:drop"]}'

Remediation Steps

Here is a step-by-step guide to remediate the default stateless action in the Network Firewall policies:

  1. Identify Policy: Determine the Network Firewall policy where the default action needs to be updated.
  2. Access AWS CLI: Open the AWS CLI or AWS Management Console.
  3. Update Policy: Use the provided AWS CLI command to update the default stateless action to "drop" or "forward".
  4. Review Changes: Verify the changes in the Network Firewall policy to ensure the default action is correctly updated.
  5. Monitor: Monitor the Network Firewall logs post-update to confirm that packets are being dropped or forwarded as intended.

By following these steps, you can ensure that the default stateless action in the Network Firewall policies aligns with the AWS Foundational Security Best Practices and helps enhance the security of your AWS environment.
