The F5 BIG-IP appliance providing intermediary services for remote access communications traffic must ensure inbound and outbound traffic is monitored for compliance with remote access security policies.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-266138 | SRG-NET-000061-ALG-000009 | F5BI-AP-300002 | SV-266138r1024835_rule | 2024-09-20 | 1 |
| Description |
|---|
| Automated monitoring of remote access traffic allows organizations to detect cyberattacks and also ensure ongoing compliance with remote access policies by inspecting connection activities of remote access capabilities. Remote access methods include both unencrypted and encrypted traffic (e.g., web portals, web content filter, TLS, and webmail). With inbound TLS inspection, the traffic must be inspected prior to being allowed on the enclave's web servers hosting TLS or HTTPS applications. With outbound traffic inspection, traffic must be inspected prior to being forwarded to destinations outside of the enclave, such as external email traffic. |
| ℹ️ Check |
|---|
| If the BIG-IP appliance does not serve as an intermediary for remote access traffic, this is not applicable. From the BIG-IP GUI: 1. Security. 2. Application Security. 3. Security Policies. 4. Policies List. 5. Review the list of policies and confirm they are applied to virtual servers being used for intermediary services for remote access communications traffic. If the BIG-IP appliance is not configured to ensure inbound and outbound traffic is monitored for compliance with remote access security policies, this is a finding. |
| ✔️ Fix |
|---|
| From the BIG-IP GUI: 1. Local Traffic. 2. Virtual Servers. 3. Virtual Server List. 4. Click on the name of a virtual server. 5. Security tab >> Policies. 6. Set "Application Security Policy" to "Enabled". 7. Select the policy from the drop-down. 8. Update. 9. Repeat for additional virtual servers. |