Test: Firewall Default Disallows Traffic

Drata inspects your company firewall configuration files to determine if they are configured to deny all traffic not explicitly allowed.

Updated over 2 years ago

ASSOCIATED DRATA CONTROL

This test is part of the Firewalls control, which requires your company to use configurations, including firewalls, that permit only approved networking ports and protocols.

WHAT TO DO IF A TEST FAILS

If Drata finds that the default ruleset for the perimeter firewall allows all traffic, the test will fail.

To remediate a failed test, configure the default ruleset for the perimeter firewall to deny all traffic, then explicitly allow only the ports that are needed.

STEPS FOR PASSING

To bring the firewall configuration into a state that passes this test, follow the steps for your provider in the table below. Once the provider steps have been completed, navigate back to Drata and execute the test.

Provider / Technology: Atlas - Projects

Provider Steps:

  1. From your project dashboard, choose Network Access
  2. Click ADD IP ADDRESS
  3. Enter any IP address that is NOT 0.0.0.0/0

Provider / Technology: AWS - Security Groups

Provider Steps:

  1. Within AWS, edit the Security Group
  2. From the Actions menu, click "Edit inbound rules"
  3. Ensure that "Type" is not set to "All traffic"

  • Note that this test will pass if the "Source" value is another security group
  • Note that this test will not pass if the "Source" value is a specific CIDR range

Provider / Technology: GCP - Security Groups

Provider Steps:

  1. Within GCP, go to VPC Network -> Firewall
  2. Create Firewall Rule
  3. Set a name
  4. Logs: off
  5. Set a network
  6. Priority: 1000
  7. Direction of traffic: Ingress
  8. Action on match: Allow
  9. Targets: Specified target tags
  10. Target tags: e.g. 'tag'
  11. Source Filter: IP ranges
  12. Source IP ranges: Enter any IP address that is NOT 0.0.0.0/0
  13. Second source filter: None
  14. Protocols and ports: Specified protocols and ports, and provide values as needed
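As an added example (not Drata's own test logic), the following Python applies the AWS pass/fail criteria described above to security groups in the JSON shape returned by `aws ec2 describe-security-groups`: an inbound rule of Type "All traffic" (`IpProtocol` "-1") fails when its Source is a CIDR range and passes when its Source is another security group. The sample groups and their IDs are constructed for illustration, and treating `::/0` like `0.0.0.0/0` is an assumption.

```python
from typing import Dict, List

# Assumption: the IPv6 any-address range is treated the same as 0.0.0.0/0.
ANY_CIDR = {"0.0.0.0/0", "::/0"}


def is_all_traffic(perm: Dict) -> bool:
    """AWS encodes the console Type "All traffic" as IpProtocol "-1"."""
    return str(perm.get("IpProtocol")) == "-1"


def evaluate_security_group(sg: Dict) -> List[str]:
    """Return a list of findings; an empty list means the group passes.

    Criteria from the article: an all-traffic inbound rule fails when its
    Source is a CIDR range (any range, not only 0.0.0.0/0) and passes when
    its Source is another security group (UserIdGroupPairs).
    """
    findings: List[str] = []
    for perm in sg.get("IpPermissions", []):
        if not is_all_traffic(perm):
            continue  # port-specific rules are outside the scope of this test
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            tag = "open to the world" if cidr in ANY_CIDR else "CIDR source"
            findings.append(
                f'{sg["GroupId"]}: all-traffic inbound rule from {cidr} ({tag})'
            )
        # Sources that are security groups (UserIdGroupPairs) do not fail the test.
    return findings


# Constructed sample groups (not real account data).
OPEN_SG = {"GroupId": "sg-example-open", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
PEERED_SG = {"GroupId": "sg-example-peered", "IpPermissions": [
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-example-app"}]}]}
SCOPED_SG = {"GroupId": "sg-example-scoped", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}

if __name__ == "__main__":
    for group in (OPEN_SG, PEERED_SG, SCOPED_SG):
        result = evaluate_security_group(group)
        print(group["GroupId"], "FAIL" if result else "PASS", result)
```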
