Skip to content

The BIG-IP Core implementation must be configured to only allow incoming communications from authorized sources routed to authorized destinations.

An XCCDF Rule

Description

<VulnDiscussion>Unrestricted traffic may contain malicious traffic that poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth and other resources. Access control policies and access control lists implemented on devices that control the flow of network traffic (e.g., application-level firewalls and Web content filters), ensure the flow of traffic is only allowed from authorized sources to authorized destinations. Networks with different levels of trust (e.g., the Internet or CDS) must be kept separate.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-215794r831477_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

If user packet-filtering intermediary services are provided, configure the BIG-IP Core as follows: 

Configure a policy in the BIG-IP AFM module to only allow incoming communications from authorized sources routed to authorized destinations.

Apply the AFM policy to the applicable Virtual Server(s) in the BIG-IP LTM module to only allow incoming communications from authorized sources routed to authorized destinations.