The VPN Gateway must ensure inbound and outbound traffic is configured with a security policy in compliance with information flow control policies.

An XCCDF Rule

Description

Unrestricted traffic may contain malicious traffic that poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, consuming bandwidth and other resources. VPN traffic received from another enclave with a different security policy or level of trust must not bypass the firewall; it must be inspected by the firewall before being forwarded to the private network.

ID
SV-207184r695317_rule
Version
SRG-NET-000019-VPN-000040
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

Configure the VPN Gateway to ensure inbound and outbound traffic is configured with a security policy in compliance with information flow control policies (e.g., IPsec policy configuration). Also, configure the VPN gateway to forward encapsulated or encrypted traffic received from other enclaves with different security policies to the perimeter firewall and IDPS before traffic is passed to the private network.
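The following is an added illustration, not part of the SRG or any vendor's implementation: an offline audit that models a gateway's tunnels as (IPsec policy entries, decrypted-traffic forwarding path) and flags the two failure modes the rule describes, unrestricted IPsec policy and foreign-enclave traffic that reaches the private network without passing the perimeter firewall and IDPS. All enclave names, addresses, hop names and the `Tunnel` structure are constructed assumptions; a real check would load the gateway's exported policy and routing tables instead.

```python
from dataclasses import dataclass

@dataclass
class Tunnel:
    peer: str                 # remote enclave (constructed name)
    peer_trust: str           # security policy / trust level of that enclave
    path: list[str]           # hops the decrypted inner traffic traverses, ending at "private"
    policy: list[tuple[str, str, str]]  # IPsec policy entries: (src selector, dst selector, action)

LOCAL_TRUST = "enclave-A"                       # our own enclave's security policy (assumed)
REQUIRED_HOPS = ("perimeter-firewall", "idps")  # inspection required for foreign-policy traffic

def audit_tunnel(t: Tunnel) -> list[str]:
    """Return the findings for one tunnel (an empty list means compliant)."""
    findings = []
    # (1) Flow control: the IPsec policy must restrict traffic with selectors; a policy that is
    #     empty or consists only of "any -> any" entries passes unrestricted traffic.
    restricted = [e for e in t.policy if not (e[0] == "any" and e[1] == "any")]
    if not restricted:
        findings.append(f"{t.peer}: IPsec policy has no selector-restricted entries")
    # (2) Traffic from an enclave with a different security policy must reach the perimeter
    #     firewall and IDPS before the private network: both hops must appear on the path
    #     and precede "private".
    if t.peer_trust != LOCAL_TRUST:
        private_at = t.path.index("private") if "private" in t.path else len(t.path)
        for hop in REQUIRED_HOPS:
            if hop not in t.path[:private_at]:
                findings.append(f"{t.peer}: decrypted traffic bypasses {hop} before private network")
    return findings

# Constructed sample inventory: one compliant foreign tunnel, one that bypasses inspection,
# and one same-policy tunnel that does not require perimeter inspection.
TUNNELS = [
    Tunnel("enclave-B", "enclave-B",
           ["vpn-gw", "perimeter-firewall", "idps", "private"],
           [("10.1.0.0/16", "10.2.0.0/16", "protect")]),
    Tunnel("partner-C", "partner-C",
           ["vpn-gw", "private"],
           [("any", "any", "protect")]),
    Tunnel("enclave-A-site2", "enclave-A",
           ["vpn-gw", "private"],
           [("10.1.0.0/16", "10.1.8.0/24", "protect")]),
]

def audit_all(tunnels=TUNNELS) -> dict[str, list[str]]:
    """Map each tunnel peer to its findings; compliant tunnels map to an empty list."""
    return {t.peer: audit_tunnel(t) for t in tunnels}

if __name__ == "__main__":
    for peer, findings in audit_all().items():
        print(peer, "OK" if not findings else findings)
```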