The TLS VPN must be configured to limit authenticated client sessions to initial session source IP.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-264335 | SRG-NET-000019 | SRG-NET-000019-VPN-002435 | SV-264335r1138025_rule | 2025-09-10 | 3 |
Description
Limiting authenticated client sessions to the initial session source IP for TLS VPNs is a safeguard against session hijacking, replay, and man-in-the-middle attacks, maintaining integrity and confidentiality of communication between clients and servers.
This requirement also applies to Zero Trust initiatives.
ℹ️ Check
Verify the TLS VPN Gateway limits authenticated client sessions to initial session source IP.
If the TLS VPN Gateway does not limit authenticated client sessions to initial session source IP, this is a finding.
✔️ Fix
Configure the TLS VPN Gateway to limit authenticated client sessions to initial session source IP.