UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The FortiGate firewall must apply ingress filters to traffic that is inbound to the network through any active external interface.


Overview

Finding ID Version Rule ID IA Controls Severity
V-234152 FNFG-FW-000115 SV-234152r628776_rule Medium
Description
Unrestricted traffic to the trusted networks may contain malicious traffic that poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth and other resources. Firewall filters control the flow of network traffic and ensure the flow of traffic is only allowed from authorized sources to authorized destinations. Networks with different levels of trust (e.g., the internet) must be kept separated.
STIG Date
Fortinet FortiGate Firewall Security Technical Implementation Guide 2021-01-29

Details

Check Text ( C-37337r611454_chk )
Log in to the FortiGate GUI with Super- or Firewall Policy-Admin privilege.

1. Click the Policy and Objects.
2. Click IPv4 or IPv6 Policy.
3. Verify the policies are configured for all Interfaces.
4. Verify the polices are configured with Action set either to DENY or ACCEPT based on the organizational requirement.

If a Firewall Policy is not applied to all interfaces, this is a finding.
Fix Text (F-37302r611455_fix)
Log in to the FortiGate GUI with Super- or Firewall Policy-Admin privilege.

1. Click the Policy and Objects.
2. Click IPv4 or IPv6 Policy.
3. Click +Create New.
4. Name the policy, select Incoming and Outgoing Interfaces.
5. Create the policies with authorized sources and destinations.
6. Create the policies with Action set to either DENY or ACCEPT.
7. Ensure the Enable this policy is toggled to right.
8. Click OK.
9. Ensure a policy is created for each interface.