STIGQter STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 25 Oct 2019: The BIG-IP Core implementation must be configured to monitor inbound traffic for remote access policy compliance when accepting connections to virtual servers.

DISA Rule

SV-74701r1_rule

Vulnerability Number

V-60271

Group Title

SRG-NET-000061-ALG-000009

Rule Version

F5BI-LT-000031

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If intermediary services for remote access communications traffic are provided, configure the BIG-IP Core as follows:

Configure a policy in the BIG-IP ASM module to monitor inbound traffic for remote access policy compliance.

Apply policy to the applicable Virtual Server(s) in the BIG-IP LTM module to monitor inbound traffic for remote access policy compliance when accepting connections to virtual servers.

Check Contents

If the BIG-IP Core does not serve as an intermediary for remote access traffic (e.g., web content filter, TLS, and webmail) for virtual servers, this is not applicable.

When intermediary services for remote access communications traffic are provided, verify the BIG-IP Core is configured as follows:

Verify Virtual Server(s) in the BIG-IP LTM module are configured with an ASM policy to inspect traffic or forward to a monitoring device for inspection prior to forwarding to inbound destinations.

Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.

Select Virtual Servers(s) from the list to verify.

Navigate to the Security >> Policies tab.

Verify that "Application Security Policy" is Enabled and "Policy" is set to use an ASM policy to monitor inbound traffic for remote access policy compliance when accepting remote access connections to virtual servers.

If the BIG-IP Core is not configured to monitor inbound traffic for compliance with remote access security policies, this is a finding.

Vulnerability Number

V-60271

Documentable

False

Rule Version

F5BI-LT-000031

Severity Override Guidance

If the BIG-IP Core does not serve as an intermediary for remote access traffic (e.g., web content filter, TLS, and webmail) for virtual servers, this is not applicable.

When intermediary services for remote access communications traffic are provided, verify the BIG-IP Core is configured as follows:

Verify Virtual Server(s) in the BIG-IP LTM module are configured with an ASM policy to inspect traffic or forward to a monitoring device for inspection prior to forwarding to inbound destinations.

Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.

Select Virtual Servers(s) from the list to verify.

Navigate to the Security >> Policies tab.

Verify that "Application Security Policy" is Enabled and "Policy" is set to use an ASM policy to monitor inbound traffic for remote access policy compliance when accepting remote access connections to virtual servers.

If the BIG-IP Core is not configured to monitor inbound traffic for compliance with remote access security policies, this is a finding.

Check Content Reference

M

Target Key

2843

Comments