STIGQter STIGQter: STIG Summary: VMware NSX Distributed Logical Router Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 27 Jun 2016: The NSX Distributed Logical Router must be configured to disable non-essential capabilities.

DISA Rule

SV-83737r1_rule

Vulnerability Number

V-69133

Group Title

SRG-NET-000131-RTR-000035

Rule Version

VNSX-RT-000015

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log onto vSphere Web Client with credentials authorized for administration.

Navigate and select Networking and Security >> select the "NSX Edges" tab on the left-side menu.

Double-click the Edge ID.

Navigate to Manage >> Verify the configurations under "Settings, Firewall, Routing, Bridging, and DHCP Relay" are enabled only as necessary to the deployment.

If any non-essential services are enabled, select the "disable" option, or remove the configurations under the respective sections.

Check Contents

Verify only necessary services are enabled.

Log onto vSphere Web Client with credentials authorized for administration.

Navigate and select Networking and Security >> select the "NSX Edges" tab on the left-side menu.

Double-click the Edge ID.

Navigate to Manage >> Verify the configurations under "Settings, Firewall, Routing, Bridging, and DHCP Relay" are enabled only as necessary to the deployment.

If unnecessary services are enabled, this is a finding.

Vulnerability Number

V-69133

Documentable

False

Rule Version

VNSX-RT-000015

Severity Override Guidance

Verify only necessary services are enabled.

Log onto vSphere Web Client with credentials authorized for administration.

Navigate and select Networking and Security >> select the "NSX Edges" tab on the left-side menu.

Double-click the Edge ID.

Navigate to Manage >> Verify the configurations under "Settings, Firewall, Routing, Bridging, and DHCP Relay" are enabled only as necessary to the deployment.

If unnecessary services are enabled, this is a finding.

Check Content Reference

M

Target Key

2989

Comments