Medium NetworkFirewall Regional

Network Firewall firewalls should be deployed across multiple Availability Zones

NIST 800-53

Description

This control evaluates whether a firewall managed through AWS Network Firewall is deployed across multiple Availability Zones (AZs). The control fails if a firewall is deployed in only one AZ. By deploying a Network Firewall firewall across multiple AZs, you can balance and shift traffic among AZs and design highly available solutions.
Remediation

Deploy the Network Firewall firewall across multiple AZs by associating subnets in different AZs.

Steps

  1. Open the AWS Network Firewall console.
  2. Select your firewall and choose 'Edit'.
  3. Add additional subnet mappings in different Availability Zones.
  4. Save changes and verify firewall status shows multiple AZ sync states.
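As an added example (not part of this control's documentation or of any AWS tooling), the following Python check reads a DescribeFirewall response and reports the control's outcome in PASS/FAIL terms, counting only Availability Zones whose endpoint attachment is READY, so a subnet mapping that is still being created after step 3 does not yet count as coverage. The sample responses are constructed; `evaluate_live` assumes boto3 and AWS credentials are available.

```python
from typing import Dict, List

# Constructed DescribeFirewall responses (not captured from a real account).
# FirewallStatus.SyncStates is keyed by Availability Zone name.
SAMPLE_SINGLE_AZ = {
    "Firewall": {"FirewallName": "example-fw"},
    "FirewallStatus": {"Status": "READY", "SyncStates": {
        "us-east-1a": {"Attachment": {"SubnetId": "subnet-0aaa", "Status": "READY"}},
    }},
}
# A second subnet mapping was added, but its endpoint is still being created.
SAMPLE_SECOND_AZ_PENDING = {
    "Firewall": {"FirewallName": "example-fw"},
    "FirewallStatus": {"Status": "PROVISIONING", "SyncStates": {
        "us-east-1a": {"Attachment": {"SubnetId": "subnet-0aaa", "Status": "READY"}},
        "us-east-1b": {"Attachment": {"SubnetId": "subnet-0bbb", "Status": "CREATING"}},
    }},
}
SAMPLE_TWO_AZS_READY = {
    "Firewall": {"FirewallName": "example-fw"},
    "FirewallStatus": {"Status": "READY", "SyncStates": {
        "us-east-1a": {"Attachment": {"SubnetId": "subnet-0aaa", "Status": "READY"}},
        "us-east-1b": {"Attachment": {"SubnetId": "subnet-0bbb", "Status": "READY"}},
    }},
}


def ready_azs(describe_response: Dict) -> List[str]:
    """AZs whose endpoint attachment is READY; CREATING, FAILED and DELETING do not count."""
    sync_states = describe_response.get("FirewallStatus", {}).get("SyncStates", {})
    return sorted(az for az, st in sync_states.items()
                  if st.get("Attachment", {}).get("Status") == "READY")


def evaluate(describe_response: Dict, minimum_azs: int = 2) -> Dict:
    """Finding in the control's terms: PASS only with READY endpoints in >= minimum_azs AZs."""
    azs = ready_azs(describe_response)
    return {"firewall": describe_response.get("Firewall", {}).get("FirewallName"),
            "ready_azs": azs,
            "status": "PASS" if len(azs) >= minimum_azs else "FAIL"}


def evaluate_live(firewall_name: str, region: str) -> Dict:
    """Same check against a real firewall via boto3 (needs AWS credentials)."""
    import boto3  # imported here so the offline checks above need no AWS SDK
    client = boto3.client("network-firewall", region_name=region)
    return evaluate(client.describe_firewall(FirewallName=firewall_name))
```

Run `evaluate_live("<your-firewall-name>", "<region>")` after step 4 to confirm the firewall now reports READY endpoints in at least two AZs.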

Compliance

NIST 800-53