Skip to content
Catalogs
XCCDF
Firewall Security Requirements Guide
SRG-NET-000364
The firewall must restrict traffic entering the VPN tunnels to the management network to only the authorized management packets based on destination address.
The firewall must restrict traffic entering the VPN tunnels to the management network to only the authorized management packets based on destination address. An XCCDF Rule
The firewall must restrict traffic entering the VPN tunnels to the management network to only the authorized management packets based on destination address.
Medium Severity
<VulnDiscussion>Protect the management network with a filtering firewall configured to block unauthorized traffic. This requirement is similar to the out-of-band management (OOBM) model, when the production network is managed in-band. The management network could also be housed at a Network Operations Center (NOC) that is located locally or remotely at a single or multiple interconnected sites.
NOC interconnectivity, as well as connectivity between the NOC and the managed networks’ premise routers, would be enabled using either provisioned circuits or VPN technologies such as IPsec tunnels or MPLS VPN services.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>