Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-251736 | T0FW-3X-000002 | SV-251736r810075_rule | | High |
Description |
---|
Unpublished firewall rules may be enabled inadvertently and cause unintended filtering or introduce unvetted/unauthorized traffic flows. |
STIG | Date |
---|---|
VMware NSX-T Tier-0 Gateway Firewall Security Technical Implementation Guide | 2022-09-01 |
Check Text ( C-55173r810073_chk ) |
---|
If the Tier-0 Gateway is deployed in Active/Active HA mode and no stateless rules exist, this is Not Applicable. From the NSX-T Manager web interface, go to Security >> Gateway Firewall >> Gateway Specific Rules. For each Tier-0 Gateway, verify that there are no unpublished changes. If the interface shows a "Total Unpublished Changes" count and the "Publish" button is active (not greyed out), this is a finding. |
Fix Text (F-55127r810074_fix) |
---|
From the NSX-T Manager web interface, go to Security >> Gateway Firewall >> Gateway Specific Rules. For each Tier-0 Gateway with unpublished changes, review the pending changes and click either "Revert" to discard them or "Publish" to apply them, so that no unvetted rule remains in a draft state. |
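The check above is written as a click path in the NSX-T Manager UI. The following script is an added example, not part of the STIG or of VMware's tooling, that applies the same decision logic (Not Applicable / Finding / Pass per Tier-0 Gateway) to JSON shaped like NSX-T Policy API responses (`/policy/api/v1/infra/tier-0s`, `/policy/api/v1/infra/domains/default/gateway-policies`, `/policy/api/v1/infra/drafts`). The sample responses are constructed, and the mapping of the UI's "Total Unpublished Changes" banner onto auto-drafts (`is_auto_draft` true in the drafts API) is an assumption that should be confirmed against the NSX-T version in use before the script is relied on for a compliance result.

```python
"""Scripted evaluation of T0FW-3X-000002 (unpublished Tier-0 gateway firewall rules).

Added example, not part of the STIG. Decision logic per Tier-0 Gateway:
  - ACTIVE_ACTIVE HA mode and no stateless rules scoped to it -> Not Applicable
  - otherwise, unpublished changes present                   -> Finding
  - otherwise                                                -> Pass
ASSUMPTION: unpublished UI changes appear as auto-drafts (is_auto_draft == true)
in GET /policy/api/v1/infra/drafts, and are treated as applying to every
applicable gateway because the draft object is not scoped per gateway.
"""
import json

# Constructed sample responses (not captured from a real NSX-T Manager).
TIER0S_JSON = '''{"results": [
  {"id": "t0-aa-norules",   "display_name": "T0-AA-NoFW",   "ha_mode": "ACTIVE_ACTIVE"},
  {"id": "t0-aa-stateless", "display_name": "T0-AA-BGPOnly","ha_mode": "ACTIVE_ACTIVE"},
  {"id": "t0-as",           "display_name": "T0-AS-Edge",   "ha_mode": "ACTIVE_STANDBY"}
]}'''

GATEWAY_POLICIES_JSON = '''{"results": [
  {"id": "gp-as-inbound", "stateful": true,
   "rules": [{"id": "r1", "scope": ["/infra/tier-0s/t0-as"]}]},
  {"id": "gp-aa-bgp", "stateful": false,
   "rules": [{"id": "r2", "scope": ["/infra/tier-0s/t0-aa-stateless"]}]}
]}'''

DRAFTS_JSON = '''{"results": [
  {"id": "draft-auto-1", "is_auto_draft": true,  "display_name": "autosave"},
  {"id": "draft-manual", "is_auto_draft": false, "display_name": "Change-2022-09"}
]}'''


def stateless_rule_gateways(policies):
    """Return the set of gateway paths that carry at least one rule in a stateless section.

    GatewayPolicy.stateful applies to every rule in the section; a missing value is
    treated as stateful, so only explicitly stateless sections count.
    """
    paths = set()
    for policy in policies:
        if policy.get("stateful", True):
            continue
        for rule in policy.get("rules", []):
            paths.update(rule.get("scope", []))
    return paths


def has_unpublished_changes(drafts):
    """True when any auto-draft exists (assumed to mirror the UI's unpublished-changes banner)."""
    return any(draft.get("is_auto_draft", False) for draft in drafts)


def evaluate(tier0s, policies, drafts):
    """Map each Tier-0 id to 'Not Applicable', 'Finding' or 'Pass' per the STIG check text."""
    stateless_paths = stateless_rule_gateways(policies)
    unpublished = has_unpublished_changes(drafts)
    results = {}
    for t0 in tier0s:
        path = f"/infra/tier-0s/{t0['id']}"
        if t0.get("ha_mode") == "ACTIVE_ACTIVE" and path not in stateless_paths:
            results[t0["id"]] = "Not Applicable"
        elif unpublished:
            results[t0["id"]] = "Finding"
        else:
            results[t0["id"]] = "Pass"
    return results


def evaluate_json(tier0s_json, policies_json, drafts_json):
    """Convenience wrapper over raw API response bodies (each a {"results": [...]} list)."""
    def results_of(body):
        return json.loads(body)["results"]
    return evaluate(results_of(tier0s_json), results_of(policies_json), results_of(drafts_json))


if __name__ == "__main__":
    for gateway, status in evaluate_json(TIER0S_JSON, GATEWAY_POLICIES_JSON, DRAFTS_JSON).items():
        print(f"{gateway}: {status}")
```

To run this against a live manager, replace the constructed strings with the bodies returned by the three endpoints (authenticated GETs to `https://<nsx-manager>/policy/api/v1/...`) and keep the UI check as the authoritative source until the auto-draft assumption has been verified on the target version.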