Test: Firewall Default Disallows Traffic

ASSOCIATED DRATA CONTROL

This test is part of the Firewalls control that ensures your company uses configurations that ensure only approved networking ports and protocols are implemented, including firewalls.

WHAT TO DO IF A TEST FAILS

If Drata finds that the default ruleset for the perimeter firewall allows all traffic the test will fail.

To remediate a failed test, you will need to configure the default ruleset for the perimeter firewall to deny all traffic then explicitly allow the ports needed.

STEPS FOR PASSING

To ensure a validated state when testing firewall traffic prevention, please follow the steps listed in the table below. Once the provider steps have been completed, navigate back to Drata and execute the test.

Provider / Technology	Provider Steps
Atlas - Projects	From your project dashboard, choose Network Access Click ADD IP ADDRESS Enter any IP address that is NOT 0.0.0.0/0
AWS - Security Groups	Within AWS, edit the Security Group In the actions button - Click on Edit "Edit inbound rules" Ensure that "Type" is not set to "ALL traffic" Note that this test will pass if the "Source" value is another security group Note that this test will not pass if the "Source" value is a specific CIDR range
GCP - Security Groups	Within GCP -> VPC Network -> Firewall Create Firewall Rule Set a name Logs: off Set a network Priority: 1000 Direction of traffic: Ingress Action on match: Allow Targets: Specified target tags Target tags: ex 'tag' Source Filter: IP ranges Source IP ranges: Enter any IP address that is NOT 0.0.0.0/0 Second source filter: None Protocols and ports: Specified protocols and ports, and provide values as needed