STIGQter: STIG Summary: A10 Networks ADC ALG Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

The A10 Networks ADC must use DNS Proxy mode when Global Server Load Balancing is used.

DISA Rule

SV-237036r639555_rule

Vulnerability Number

V-237036

Group Title

SRG-NET-000131-ALG-000086

Rule Version

AADC-AG-000035

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If GSLB is used, configure it for Proxy Mode. The difference is that Proxy mode has real servers configured, while Server mode does not.

To configure Proxy mode, follow standard SLB configuration steps (Servers, Service Groups, VIP, etc.) that utilize “external” DNS servers and enable it for GSLB when configuring the virtual port.

Check Contents

If DNS-based Global Server Load Balancing is not configured, this is not applicable.

If DNS-based Global Server Load Balancing is configured, review the configuration.

Check if real servers are configured for DNS. If they are not, then the device is in Server mode, and this is a finding.

Documentable

False

Severity Override Guidance

If DNS-based Global Server Load Balancing is not configured, this is not applicable.

If DNS-based Global Server Load Balancing is configured, review the configuration.

Check if real servers are configured for DNS. If they are not, then the device is in Server mode, and this is a finding.

Check Content Reference

M

Target Key

5285