Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-251738 | T0FW-3X-000011 | SV-251738r919225_rule | Medium |
Description |
---|
It is critical that when the network element is at risk of failing to process traffic logs as required, it takes action to mitigate the failure. Collected log data be secured and access restricted to authorized personnel. Methods of protection may include encryption or logical separation. In accordance with DOD policy, the traffic log must be sent to a central audit server. Ensure at least primary and secondary syslog servers are configured on the firewall. If the product inherently has the ability to store log records locally, the local log must also be secured. However, this requirement is not met since it calls for a use of a central audit server. This does not apply to traffic logs generated on behalf of the device itself (management). Some devices store traffic logs separately from the system logs. Satisfies: SRG-NET-000089-FW-000019, SRG-NET-000098-FW-000021, SRG-NET-000333-FW-000014 |
STIG | Date |
---|---|
VMware NSX-T Tier-0 Gateway Firewall Security Technical Implementation Guide | 2023-06-22 |
Check Text ( C-55175r919224_chk ) |
---|
From an NSX-T Edge Node shell hosting the Tier-0 Gateway, run the following command(s): > get logging-servers If any configured logging-servers are not configured with protocol of "li-tls" or "tls" and level of "info", this is a finding. If no logging-servers are configured, this is a finding. Note: This check must be run from each NSX-T Edge Node hosting the Tier-0 Gateway, as they are configured individually. |
Fix Text (F-55129r810080_fix) |
---|
(Optional) From an NSX-T Edge Gateway shell, run the following command(s) to clear any existing incorrect logging-servers: > clear logging-servers From an NSX-T Edge Node shell, run the following command(s) to configure a primary and backup tls syslog server: > set logging-server From an NSX-T Edge Node shell, run the following command(s) to configure a li-tls syslog server: > set logging-server Note: If using the protocols TLS or LI-TLS to configure a secure connection to a log server, the server and client certificates must be stored in /var/vmware/nsx/file-store/ on each NSX-T Edge Gateway appliance. Note: Configure the syslog or SNMP server to send an alert if the events server is unable to receive events from the NSX-T and also if DoS incidents are detected. This is true if the events server is STIG compliant. |