The NSX-T Distributed Firewall must not have any unpublished firewall policies or rules.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-251726 | TDFW-3X-000002 | SV-251726r810032_rule | High |
| Description |
|---|
| Unpublished firewall rules may be enabled inadvertently and cause unintended filtering or introduce unvetted/unauthorized traffic flows. |
| STIG | Date |
|---|---|
| VMware NSX-T Distributed Firewall Security Technical Implementation Guide | 2022-09-01 |
Details
| Check Text ( C-55163r810030_chk ) |
|---|
| From the NSX-T Manager web interface, go to Security >> Distributed Firewall >> Category Specific Rules. If there is a message for Total Unpublished Changes and Publish is not greyed out, this is a finding. |
| Fix Text (F-55117r810031_fix) |
|---|
| From the NSX-T Manager web interface, go to Security >> Distributed Firewall >> Category Specific Rules. Review any unpublished changes, and click either "Revert" or "Publish". |