The perimeter firewall must be configured as required for the dedicated Internet-only WLAN infrastructure subnet.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-25322	WIR0124	SV-31437r2_rule	ECWN-1	Medium

Description
If the perimeter firewall is not configured as required, users connecting to an access point may be able to compromise internal DoD information systems.

STIG	Date
WLAN Access Point (Internet Gateway Only Connection) Security Technical Implementation Guide	2011-10-07

Details

Check Text ( C-31757r2_chk )
Verify the perimeter firewall is configured with the following policies for the dedicated Internet-only WLAN infrastructure subnet: - All traffic from the client device is routed to the external facing Internet gateway. - No client initiated connection requests can be routed to the internal enclave. - No connection requests from the enclave can be routed to the Wi-Fi client on the internet-only subnet. - No connection requests from outside the enclave (e.g., Internet) can be routed to the Wi-Fi client on the internet-only subnet.

Check Text ( C-31757r2_chk )

Verify the perimeter firewall is configured with the following policies for the dedicated Internet-only WLAN infrastructure subnet:

- All traffic from the client device is routed to the external facing Internet gateway.
- No client initiated connection requests can be routed to the internal enclave.
- No connection requests from the enclave can be routed to the Wi-Fi client on the internet-only subnet.
- No connection requests from outside the enclave (e.g., Internet) can be routed to the Wi-Fi client on the internet-only subnet.

Fix Text (F-28241r2_fix)
Configure the perimeter firewall as required for the dedicated Internet-only WLAN infrastructure subnet.