Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The NSX-T Tier-1 Gateway Firewall must not have any unpublished firewall policies or rules.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-251760 | T1FW-3X-000002 | SV-251760r810175_rule | High |
| Description |
|---|
| Unpublished firewall rules may be enabled inadvertently and cause unintended filtering or introduce unvetted/unauthorized traffic flows. |
| STIG | Date |
|---|---|
| VMware NSX-T Tier 1 Gateway Firewall Security Technical Implementation Guide | 2022-09-01 |
Details
| Check Text ( C-55197r810173_chk ) |
|---|
| From the NSX-T Manager web interface, go to Security >> Gateway Firewall >> Gateway Specific Rules. For each Tier-1 Gateway, ensure there are no Unpublished changes. If there is a message for Total Unpublished Changes and Publish is not greyed out, this is a finding. |
| Fix Text (F-55151r810174_fix) |
|---|
| From the NSX-T Manager web interface, go to Security >> Gateway Firewall >> Gateway Specific Rules. For each Tier-1 Gateway with Unpublished changes, review any unpublished changes and click either "Revert" or "Publish". |