Medium NetworkFirewall Regional

The default stateless action for Network Firewall policies should be drop or forward for fragmented packets

NIST, ISO 27001

Description

Checks if the default stateless action for fragmented packets in a Network Firewall policy is set to drop or forward.
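
The check described above can be reproduced offline against exported policy documents. The following is an added example, not the scanner's own code: it assumes each policy is a dict shaped like the `FirewallPolicy` object returned by the Network Firewall `DescribeFirewallPolicy` API, and the function names, policy names and sample data are constructed for illustration.

```python
# Added example. Standard stateless actions carry the "aws:" prefix; any other
# entry in the list is treated as a custom action name (e.g. a metric publisher).
COMPLIANT_ACTIONS = {"aws:drop", "aws:forward_to_sfe"}


def check_fragment_default_action(policy):
    """Return (compliant, reason) for one FirewallPolicy dict."""
    actions = policy.get("StatelessFragmentDefaultActions") or []
    standard = [a for a in actions if a.startswith("aws:")]
    if not standard:
        return False, "no standard fragment default action present"
    non_compliant = [a for a in standard if a not in COMPLIANT_ACTIONS]
    if non_compliant:
        return False, f"fragment default action is {non_compliant[0]}"
    return True, f"fragment default action is {standard[0]}"


def audit(policies):
    """Map each policy name to its (compliant, reason) result."""
    return {name: check_fragment_default_action(p) for name, p in policies.items()}


# Constructed sample policies (hypothetical names).
SAMPLE_POLICIES = {
    # Compliant: fragments are dropped.
    "edge-policy": {
        "StatelessDefaultActions": ["aws:forward_to_sfe"],
        "StatelessFragmentDefaultActions": ["aws:drop"],
    },
    # Non-compliant: full packets are dropped, but fragments are passed.
    # The two settings are independent, so both must be inspected.
    "legacy-policy": {
        "StatelessDefaultActions": ["aws:drop"],
        "StatelessFragmentDefaultActions": ["aws:pass"],
    },
    # Compliant: forward to the stateful engine plus a custom action.
    "metrics-policy": {
        "StatelessDefaultActions": ["aws:forward_to_sfe"],
        "StatelessFragmentDefaultActions": ["aws:forward_to_sfe", "CountFragments"],
    },
    # Non-compliant: field missing from the exported document.
    "incomplete-export": {"StatelessDefaultActions": ["aws:drop"]},
}

if __name__ == "__main__":
    for name, (ok, reason) in audit(SAMPLE_POLICIES).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```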


Remediation

To change the default stateless action for fragmented packets in a Network Firewall policy, see the AWS Network Firewall Developer Guide.

Steps

  1. Navigate to the AWS Network Firewall console.
  2. Select the firewall policy.
  3. Edit the stateless fragment default actions to either Drop or Forward.

Compliance

NIST, ISO 27001