SV-215765r557356_rule
V-215765
SRG-NET-000213-ALG-000107
F5BI-LT-000093
CAT II
10
Configure BIG-IP Core to terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged sessions), the session must be terminated after 15 minutes of inactivity.
Verify the BIG-IP Core is configured to terminate all network connections associated with a communications session at the end of the session as follows:
Verify a Protocol Profile is configured to terminate a session at the end of a specified time.
Navigate to the BIG-IP System manager >> Local Traffic >> Profiles >> Protocol >> TCP.
Select a profile for an in-band managed session.
Verify the TCP profile 'idle-timeout' is set to 600/900 seconds.
Select a profile for a user session.
Verify the TCP profile 'idle-timeout' is set to 600/900 seconds.
Verify the BIG-IP LTM is configured to use the Protocol Profile.
Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.
Select the appropriate virtual server.
Verify the TCP profile 'idle-timeout' is set to 600/900 seconds.
If the BIG-IP Core is not configured to terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged sessions), the session must be terminated after 15 minutes of inactivity, this is a finding.
False
M
4019