UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Firewall traversal from remote host must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-221558 DTBC-0001 SV-221558r769351_rule Medium
Description
Remote connections should never be allowed that bypass the firewall, as there is no way to verify if they can be trusted. Enables usage of STUN and relay servers when remote clients are trying to establish a connection to this machine. If this setting is enabled, then remote clients can discover and connect to this machine even if they are separated by a firewall. If this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine will only allow connections from client machines within the local network. If this policy is left not set the setting will be enabled.
STIG Date
Google Chrome Current Windows Security Technical Implementation Guide 2021-11-19

Details

Check Text ( C-23273r415801_chk )
Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If RemoteAccessHostFirewallTraversal is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding.

Windows registry:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the RemoteAccessHostFirewallTraversal value name does not exist or its value data is not set to 0, then this is a finding.
Fix Text (F-23262r769350_fix)
Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative\Templates\Google\Google Chrome\Remote Access
Policy Name: Enable firewall traversal from remote access host
Policy State: Disabled
Policy Value: N/A