
The operating system must route organization-defined internal communications traffic to organization-defined external networks through authenticated proxy servers within the managed interfaces of boundary protection devices.


Overview

Finding ID: SRG-OS-000149-ESXI5-PNF
Version: SRG-OS-000149-ESXI5-PNF
Rule ID: SRG-OS-000149-ESXI5-PNF_rule
IA Controls: (none listed)
Severity: Medium
Description
A proxy server is designed to hide the identity of the client when making a connection to a server outside its network. This prevents any hackers on the outside from learning IP addresses within the private network. With a proxy acting as the mediator, the client does not interact directly with the servers it is connecting to; the proxy server sits in the middle, handling both sides of the session. Applicable, but permanent not-a-finding: host isolation on a separate, non-routed management network is required. The host is not a router; however, a requirement already exists for a gateway setting.
STIG: VMware ESXi v5 Security Technical Implementation Guide
Date: 2013-01-15

Details

Check Text (C-SRG-OS-000149-ESXI5-PNF_chk)
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not-a-finding.
Fix Text (F-SRG-OS-000149-ESXI5-PNF_fix)
This requirement is a permanent not-a-finding. No fix is required.