Risk Level: High
Cloud Entity: AWS Network-Firewall
CloudGuard Rule ID: D9.AWS.NET.66
Covered by Spectral: No
Category: Networking & Content Delivery

GSL LOGIC

NetworkFirewall should not have firewallStatus.status='FAILED'

REMEDIATION

From Portal

Sign in to the AWS console
In the console, select the specific region
Navigate to the 'AWS Network Firewall' service.
In the left pane under 'Network Firewall' click on Firewall.
Select desired firewall and identify the 'Firewall status'.

From Command Line
You can identify the status of your network firewall by using the following CLI command:

aws network-firewall describe-firewall --region REGION_NAME --firewall-name FIREWALL_NAME

References

https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_FirewallStatus.html

AWS Network-Firewall

AWS Network Firewall is a managed service that makes it easy to deploy essential network protections for all of your Amazon Virtual Private Clouds (VPCs). AWS Network Firewall's flexible rules engine lets you define firewall rules that give you fine-grained control over network traffic, such as blocking outbound Server Message Block (SMB) requests to prevent the spread of malicious act

Compliance Frameworks

AWS CIS Controls V 8
AWS CloudGuard Best Practices
AWS CloudGuard SOC2 based on AICPA TSC 2017
AWS HITRUST
AWS HITRUST v11.0.0
AWS ISO27001:2022
AWS ITSG-33
AWS MITRE ATT&CK Framework v10
AWS MITRE ATT&CK Framework v11.3
AWS NIST 800-53 Rev 5
CloudGuard AWS All Rules Ruleset