STIGQter STIGQter: STIG Summary: Palo Alto Networks ALG Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Palo Alto Networks security platform must not enable the DNS proxy.

DISA Rule

SV-228839r557387_rule

Vulnerability Number

V-228839

Group Title

SRG-NET-000131-ALG-000086

Rule Version

PANW-AG-000037

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Do not configure and enable the DNS Proxy capability.

Go to Network >> DNS Proxy
If there are no entries in the pane, then this capability has not been enabled.

Check Contents

To check if DNS Proxy is configured:
Go to Network >> DNS Proxy
If there are entries in the pane, this is a finding.

Vulnerability Number

V-228839

Documentable

False

Rule Version

PANW-AG-000037

Severity Override Guidance

To check if DNS Proxy is configured:
Go to Network >> DNS Proxy
If there are entries in the pane, this is a finding.

Check Content Reference

M

Target Key

4233

Comments