STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-215739r557356_rule
V-215739
SRG-NET-000018-ALG-000017
F5BI-LT-000005
CAT II
10
If user packet-filtering intermediary services are provided, configure the BIG-IP Core as follows:
Configure a policy in the BIG-IP Advanced Firewall Manager (AFM) module to enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of source, destination, headers, and/or content of the communications traffic.
Apply the AFM policy to the applicable Virtual Server(s) in the BIG-IP LTM module to enforce approved authorizations for controlling the flow of information within the network.
If the BIG-IP Core does not perform packet-filtering intermediary services for virtual servers, this is not applicable.
When packet-filtering intermediary services are performed, verify the BIG-IP Core is configured as follows:
Verify the BIG-IP Core is configured as follows:
Verify Virtual Server(s) in the BIG-IP LTM module are configured with an AFM policy to enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.
Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.
Select Virtual Servers(s) from the list to verify.
Navigate to the Security >> Policies tab.
Verify that "Network Firewall" Enforcement is set to "Policy Rules..." and "Policy" is set to use an AFM policy to enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.
If the BIG-IP Core is not configured to enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic, this is a finding.
V-215739
False
F5BI-LT-000005
If the BIG-IP Core does not perform packet-filtering intermediary services for virtual servers, this is not applicable.
When packet-filtering intermediary services are performed, verify the BIG-IP Core is configured as follows:
Verify the BIG-IP Core is configured as follows:
Verify Virtual Server(s) in the BIG-IP LTM module are configured with an AFM policy to enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.
Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.
Select Virtual Servers(s) from the list to verify.
Navigate to the Security >> Policies tab.
Verify that "Network Firewall" Enforcement is set to "Policy Rules..." and "Policy" is set to use an AFM policy to enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.
If the BIG-IP Core is not configured to enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic, this is a finding.
M
4019