STIGQter: STIG Summary: Firewall Security Requirements Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

The firewall that filters traffic from the VPN access points must be configured with organization-defined filtering rules that apply to the monitoring of remote access traffic.

DISA Rule

SV-206676r604133_rule

Vulnerability Number

V-206676

Group Title

SRG-NET-000061

Rule Version

SRG-NET-000061-FW-000001

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure a group policy for remote clients and apply it to the interface that is connected to allow ingress and egress to the VPN access points.

Check Contents

Review the firewall configuration statements used to create a group policy with filtering rules for remote clients accessing the network using a VPN.

Verify both ingress and egress traffic on this interface is subject to the remote access policy and filtering rules required by the organization.

If the firewall is used to filter traffic from the VPN access points but is not configured with filtering rules that apply to the monitoring of remote access traffic, this is a finding.

Documentable

False

Severity Override Guidance

Review the firewall configuration statements used to create a group policy with filtering rules for remote clients accessing the network using a VPN.

Verify both ingress and egress traffic on this interface is subject to the remote access policy and filtering rules required by the organization.

If the firewall is used to filter traffic from the VPN access points but is not configured with filtering rules that apply to the monitoring of remote access traffic, this is a finding.

Check Content Reference

M

Target Key

2912
