SV-243082r719489_rule
V-243082
SRG-APP-000516
VCTR-67-000013
CAT II
10
From the vSphere Client, go to Networking >> select a distributed switch >> select a port group >> Configure >> Settings >> Policies >> Edit >> Security.
Set "Forged Transmits" to reject. Click "OK".
or
From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
Get-VDSwitch | Get-VDSecurityPolicy | Set-VDSecurityPolicy -ForgedTransmits $false
Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy | Set-VDSecurityPolicy -ForgedTransmits $false
From the vSphere Client, go to Networking >> select a distributed switch >> select a port group >> Configure >> Settings >> Policies.
Verify "Forged Transmits" is set to reject.
or
From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
Get-VDSwitch | Get-VDSecurityPolicy
Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy
If the "Forged Transmits" policy is set to accept for a non-uplink port, this is a finding.
False
M
5399