
The ESXi host must protect the confidentiality and integrity of transmitted information by utilizing different TCP/IP stacks where possible.


Overview

Finding ID: V-207651
Version: ESXI-65-000052
Rule ID: SV-207651r380176_rule
IA Controls:
Severity: Low
Description
ESXi now provides three TCP/IP stacks by default: Default, Provisioning, and vMotion. To better protect and isolate sensitive network traffic within ESXi, administrators must configure each of these stacks. Additional custom TCP/IP stacks can be created if desired.
STIG: VMware vSphere 6.5 ESXi Security Technical Implementation Guide
Date: 2021-09-22

Details

Check Text (C-7906r364352_chk)
From the vSphere Web Client select the ESXi Host and go to Configure >> Networking >> TCP/IP configuration. Review the default system TCP/IP stacks and verify they are configured with the appropriate IP address information.

If vMotion and Provisioning VMKernels are in use and are not utilizing their own TCP/IP stack, this is a finding.
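
An added example (not part of the STIG text) that applies the finding condition above to ESXi shell output rather than the Web Client view. The sample text is constructed; the `esxcli` field names, service tag names and stack names it relies on are assumptions to confirm against the host's actual output.

```python
import re

# Service tag -> dedicated system TCP/IP stack it should live on.
# Tag and stack names are assumptions; confirm them on the host being audited.
DEDICATED_STACK = {"VMotion": "vmotion", "vSphereProvisioning": "vSphereProvisioning"}

# Constructed sample shaped like `esxcli network ip interface list` (trimmed).
SAMPLE_INTERFACES = """\
vmk0
   Name: vmk0
   Netstack Instance: defaultTcpipStack
vmk1
   Name: vmk1
   Netstack Instance: defaultTcpipStack
vmk2
   Name: vmk2
   Netstack Instance: vSphereProvisioning
"""

# Constructed results of `esxcli network ip interface tag get -i <vmk>`.
SAMPLE_TAGS = {"vmk0": "   Tags: Management", "vmk1": "   Tags: VMotion",
               "vmk2": "   Tags: vSphereProvisioning"}

def parse_interfaces(text):
    """Map each VMkernel adapter name to its netstack instance."""
    stacks, name = {}, None
    for line in text.splitlines():
        m = re.match(r"\s+(Name|Netstack Instance):\s*(\S+)", line)
        if m and m.group(1) == "Name":
            name = m.group(2)
        elif m and name:
            stacks[name] = m.group(2)
    return stacks

def parse_tags(text):
    """Return the set of service tags on one adapter."""
    m = re.search(r"Tags:\s*(.*)", text)
    return {t for t in re.split(r"[,\s]+", m.group(1)) if t} if m else set()

def audit(interfaces_text, tags_by_vmk):
    """List (vmk, tag, actual stack, expected stack) for each finding."""
    findings = []
    for vmk, stack in parse_interfaces(interfaces_text).items():
        for tag in sorted(parse_tags(tags_by_vmk.get(vmk, ""))):
            expected = DEDICATED_STACK.get(tag)
            if expected and stack != expected:
                findings.append((vmk, tag, stack, expected))
    return findings
```

An empty result from `audit` means no vMotion or Provisioning VMkernel adapter was seen on a stack other than its own; adapters without those tags are ignored.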
Fix Text (F-7906r364353_fix)
From the vSphere Web Client select the ESXi Host and go to Configure >> Networking >> TCP/IP configuration >> Select a TCP/IP stack >> Click Edit >> Enter the appropriate site-specific IP address information for the particular TCP/IP stack and click OK.