STIGQter: STIG Summary: F5 BIG-IP Advanced Firewall Manager 11.x Security Technical Implementation Guide, Version 1, Release 1, Benchmark Date: 29 May 2015

The BIG-IP AFM module must be configured to only allow incoming communications from authorized sources routed to authorized destinations.

DISA Rule

SV-74355r1_rule

Vulnerability Number

V-59925

Group Title

SRG-NET-000364-ALG-000122

Rule Version

F5BI-AF-000223

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the BIG-IP AFM module to only allow incoming communications from authorized sources routed to authorized destinations.

Check Contents

If the BIG-IP AFM module is not used to support user access control intermediary services for virtual servers, this is not applicable.

Verify the BIG-IP AFM module is configured to only allow incoming communications from authorized sources routed to authorized destinations.

Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.

Select the applicable Virtual Server(s) from the list to verify.

Navigate to the Security >> Policies tab.

Verify that "Network Firewall" is assigned a local Network Firewall Policy.

Verify configuration of the identified Network Firewall policy:

Navigate to the BIG-IP System manager >> Security >> Network Firewall >> Active Rules.

Select the Network Firewall policy that was assigned to the Virtual Server.

Review the configuration of the "Protocol", "Source", "Destination", and "Action" sections at a minimum to ensure that the policy only allows incoming communications from authorized sources en route to authorized destinations.

If the BIG-IP AFM module is not configured to only allow incoming communications from authorized sources routed to authorized destinations, this is a finding.
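The policy review step above (Protocol, Source, Destination, Action) as an added Python illustration; this is not part of the STIG or of F5's software. The rule dictionaries and the authorized ranges are constructed and simplified for the example, not the tmsh or iControl REST schema.

```python
"""Flag accept rules in an AFM network firewall policy whose scope exceeds authorization."""
import ipaddress

# Constructed: what the authorization documentation permits for this virtual server.
AUTHORIZED_SOURCES = ["10.20.0.0/16", "192.0.2.0/24"]
AUTHORIZED_DESTINATIONS = ["198.51.100.10/32"]
AUTHORIZED_PROTOCOLS = {"tcp"}

# Constructed policy: the first rule is compliant, the next two are over-broad
# in different fields, and the final drop rule is not an allow and so not a finding.
POLICY_RULES = [
    {"name": "web_in", "protocol": "tcp", "source": "192.0.2.0/24",
     "destination": "198.51.100.10/32", "action": "accept"},
    {"name": "mgmt_any", "protocol": "any", "source": "any",
     "destination": "198.51.100.10/32", "action": "accept"},
    {"name": "lab_out", "protocol": "tcp", "source": "10.20.5.0/24",
     "destination": "203.0.113.0/24", "action": "accept-decisively"},
    {"name": "default", "protocol": "any", "source": "any",
     "destination": "any", "action": "drop"},
]


def _network(value):
    """Treat the AFM address 'any' as 0.0.0.0/0 so it compares as a network."""
    return ipaddress.ip_network("0.0.0.0/0" if value == "any" else value, strict=False)


def _within(value, authorized):
    """True when every address in `value` lies inside some authorized network."""
    net = _network(value)
    return any(net.subnet_of(_network(a)) for a in authorized)


def audit_policy(rules, sources, destinations, protocols):
    """Return (rule name, problems) for each accept rule wider than the authorization."""
    findings = []
    for rule in rules:
        if not rule["action"].startswith("accept"):
            continue  # the check is about what is allowed in; deny rules are fine
        problems = []
        if rule["protocol"] not in protocols:  # 'any' is never in the allow set
            problems.append(f"protocol {rule['protocol']}")
        if not _within(rule["source"], sources):
            problems.append(f"source {rule['source']}")
        if not _within(rule["destination"], destinations):
            problems.append(f"destination {rule['destination']}")
        if problems:
            findings.append((rule["name"], problems))
    return findings


if __name__ == "__main__":
    for name, problems in audit_policy(POLICY_RULES, AUTHORIZED_SOURCES,
                                       AUTHORIZED_DESTINATIONS, AUTHORIZED_PROTOCOLS):
        print(f"FINDING: rule {name} accepts unauthorized {', '.join(problems)}")
```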

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2839

Comments