UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The VPN gateway server must enforce a policy to the remote software client to check for the presence of a personal firewall before enabling access to the VPN.


Overview

Finding ID Version Rule ID IA Controls Severity
V-30948 NET-VPN-230 SV-40990r1_rule ECSC-1 Medium
Description
The security posture of the remote PC connecting to the enclave via VPN is vital to the overall security of the enclave. While on-site hosts are behind the enclave’s perimeter defense, a remote PC is not and therefore is exposed to many vulnerabilities existing in the Internet when connected to a service provider via dial-up or broadband connection. Though it is policy to have a firewall installed on the remote PC according to the Secure Remote Computing Endpoint STIG (SRC-EPT-405), it is imperative the VPN gateway enforce the policy to the software client to verify the firewall is active prior to enabling access to the VPN.
STIG Date
IPSec VPN Gateway Security Technical Implementation Guide 2018-11-27

Details

Check Text ( C-39607r1_chk )
Review all ISAKMP client configuration groups used to push policy to remote software clients and determine if the software client will check for the presence of a personal firewall before enabling access to the VPN.
Fix Text (F-34757r1_fix)
Configure the ISAKMP client configuration groups used to push policy to remote software clients to check for the presence of a personal firewall before enabling access to the VPN.