1 Answer
1
It sounds like your default action for the managed rule group is set to alert. You can set it to drop to block the traffic: https://docs.aws.amazon.com/network-firewall/latest/developerguide/nwfw-using-managed-rule-groups.html
You may also need to check out your rule group ordering: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-default-rule-evaluation-order
answered 5 months ago
Relevant questions
AWS Network Firewall and VPN Gateway
asked 21 days agoDoes Network Firewall logging tell me the policy rule that was enforced?
asked 3 months agoAWS Network Firewall - Suricata rules not working as expected
asked 2 months agoNetwork Firewall
asked 4 months agoAWS CLI Updating Network Firewall Rules
asked 6 months agoAWS Network Firewall Domain list Port
asked 5 months agoAWS Network Firewall Managed Signatures
asked 5 months agoAWS Network Firewall stateful rule groups
asked 6 months agoSSM Network firewall audit
asked 9 months agoAWS Network Firewall limiations
asked a month ago
0 thanks mike for helping me out. How can i set them to drop? I have disabled the run in alert mode. I don't see any other option