SV-80619r1_rule
V-66129
SRG-NET-000364-RTR-000109
HFFS-RT-000021
CAT II
10
Configure the HP FlexFabric Switch to only allow incoming communications from authorized sources to be routed to authorized destinations.
Review the HP FlexFabric Switch configuration to determine if the switch only allows incoming communications from authorized sources to be routed to authorized destinations. This requirement can be met by applying an ingress filter to an external-facing interface as shown in the following example:
acl number 3001
 rule 1 deny ip source 192.168.3.121 0
 rule 2 permit ip source 192.100.1.0 0.0.0.255 destination 192.200.2.0 0.0.0.255
interface Ten-GigabitEthernet1/0/21
 ip address 102.17.17.2 255.255.255.252
 packet-filter 3001 inbound
If the HP FlexFabric Switch allows incoming communications from unauthorized sources or to unauthorized destinations, this is a finding.
V-66129
False
HFFS-RT-000021
M
2979