STIGQter: STIG Summary: Firewall Security Requirements Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The firewall must restrict traffic entering the VPN tunnels to the management network to only the authorized management packets based on destination address.

DISA Rule

SV-206708r604133_rule

Vulnerability Number

V-206708

Group Title

SRG-NET-000364

Rule Version

SRG-NET-000364-FW-000036

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Where IPsec technology is deployed to connect the managed network to the NOC, restrict the traffic entering the tunnels so that only the authorized management packets with authorized destination addresses are permitted.

Check Contents

Inspect the architecture diagrams. Inspect the NOC and the managed network. Note that the IPsec tunnel endpoints may be configured on the premises router or gateway router, the VPN gateway firewall, or a VPN concentrator.

Verify that all traffic between the managed network and the management network, in both directions, is secured via IPsec encapsulation.

If the firewall does not restrict traffic entering the VPN tunnels to the management network to only the authorized management packets based on destination address, this is a finding.
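As an added worked example (not part of the STIG, the SRG, or STIGQter, and not any vendor's real configuration syntax), the following Python script applies the fix and check above to a tunnel-ingress access list written in a hypothetical, vendor-neutral syntax. It parses the list, reports one finding per permit entry whose destination is not confined to the authorized management network (or that permits a service outside an assumed management-service list), and evaluates sample packets against the list with first-match semantics and an implicit deny. The management prefix 10.255.0.0/24, the service list, and the two sample access lists are constructed assumptions chosen only to illustrate a weak and a compliant configuration.

```python
"""Audit a VPN-tunnel ingress ACL against the destination-address restriction
in SRG-NET-000364-FW-000036 (added example, hypothetical ACL syntax).

Hypothetical, vendor-neutral syntax (not any product's real syntax):
    permit|deny ip|tcp|udp <src> <dst> [eq <dst-port>]
where <src> and <dst> are "any" or an IPv4 CIDR prefix.
"""
import re
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed assumptions: the NOC management network reachable through the
# tunnel and the management services it is authorized to receive.
MGMT_NETWORKS = [ip_network("10.255.0.0/24")]
MGMT_SERVICES = {("tcp", 22), ("tcp", 443), ("udp", 161), ("tcp", 6514)}

RULE_RE = re.compile(
    r"^(permit|deny)\s+(ip|tcp|udp)\s+(\S+)\s+(\S+)(?:\s+eq\s+(\d+))?\s*$"
)


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "ip" matches any protocol
    src: IPv4Network
    dst: IPv4Network
    port: Optional[int]   # destination port; None means any port


def _net(token: str) -> IPv4Network:
    """Map the keyword "any" to 0.0.0.0/0, otherwise parse a CIDR prefix."""
    return ip_network("0.0.0.0/0") if token == "any" else ip_network(token, strict=False)


def parse_acl(text: str) -> list[Rule]:
    """Parse the hypothetical ACL syntax, skipping blank lines and '!' comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable ACL line: {line!r}")
        action, proto, src, dst, port = m.groups()
        rules.append(Rule(action, proto, _net(src), _net(dst), int(port) if port else None))
    return rules


def audit(rules: list[Rule]) -> list[str]:
    """Return one finding per permit entry that does not confine tunnel traffic
    to authorized management destinations. An empty list means no finding."""
    findings = []
    for i, r in enumerate(rules, 1):
        if r.action != "permit":
            continue
        if not any(r.dst.subnet_of(n) for n in MGMT_NETWORKS):
            findings.append(f"entry {i}: permits destination {r.dst} outside the management network")
        elif r.proto == "ip" or r.port is None or (r.proto, r.port) not in MGMT_SERVICES:
            findings.append(f"entry {i}: permits non-management service {r.proto}/{r.port or 'any'} into {r.dst}")
    return findings


def is_permitted(rules: list[Rule], proto: str, src: str, dst: str, port: int) -> bool:
    """First-match evaluation of a packet entering the tunnel; implicit deny at the end."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if s in r.src and d in r.dst and (r.port is None or r.port == port):
            return r.action == "permit"
    return False


# Constructed sample ACLs applied to the tunnel ingress on the managed-network side.
WEAK_ACL = """
! Everything from the managed site is forwarded into the tunnel toward the NOC
permit ip any any
"""

HARDENED_ACL = """
! Only authorized management traffic to the NOC management network enters the tunnel
permit tcp any 10.255.0.0/24 eq 22
permit tcp any 10.255.0.0/24 eq 443
permit udp any 10.255.0.0/24 eq 161
deny ip any any
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_ACL), ("hardened", HARDENED_ACL)):
        rules = parse_acl(text)
        print(f"{name}: {audit(rules) or 'no finding'}")
        print("  ssh to mgmt host:", is_permitted(rules, "tcp", "192.0.2.10", "10.255.0.5", 22))
        print("  ssh to other host:", is_permitted(rules, "tcp", "192.0.2.10", "10.10.0.5", 22))
```

The audit checks each permit entry's destination prefix with `subnet_of` rather than matching a few probe packets, so a permit to `any` or to a prefix wider than the management network is flagged regardless of which hosts an assessor happens to test; the packet evaluator is there to confirm that the hardened list still carries the intended management sessions.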

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2912

Comments