Fortinet FortiGate Firewall Security Technical Implementation Guide

Protect the management network with a filtering firewall configured to block unauthorized traffic. This requirement is similar to the out-of-band management (OOBM) model, in which the production network is managed in-band. The management network could also be housed at a Network Operations Center (NOC) that is located locally or remotely at a single or multiple interconnected sites. NOC interconnectivity, as well as connectivity between the NOC and the managed networks' premise routers, would be enabled using either provisioned circuits or VPN technologies such as IPsec tunnels or MPLS VPN services.

Details

Check Text (C-37340r611463_chk)

1. If FortiGate is not configured to support VPN access, this requirement is Not Applicable.

2. Log in to the FortiGate GUI with Super- or Firewall Policy-Admin privilege.

3. Verify there are Policies where the Incoming Interface is a management-related VPN Tunnel interface, and the Outgoing Interface is the Management Network interface.

4. Verify such policies with Action IPSEC meet organization requirements to only allow connectivity to specific, authorized Management Network hosts and ensure that traffic is encrypted through the IPsec tunnel. Verify at least one of these policies is configured with Action set to DENY.

If there are not DENY Policies in which the Incoming Interface is a management-related VPN Tunnel interface, and the Outgoing Interface is the Management Network interface, this is a finding.

If there are no IPSEC Policies for which the Incoming Interface is a management-related VPN Tunnel interface, and the Outgoing Interface is the Management Network interface that meets organization requirements, this is a finding.
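The same two finding conditions can be evaluated from the CLI instead of the GUI. The script below is an added example, not part of the STIG or Fortinet's tooling: it parses constructed `show firewall policy` output (the interface names mgmt_vpn and mgmt_net and the address objects are made up for the sample) and reports which finding statements apply.

```python
import shlex

# Constructed sample of FortiOS `show firewall policy` output (not from a real device).
SAMPLE_POLICIES = """\
config firewall policy
    edit 1
        set srcintf "mgmt_vpn"
        set dstintf "mgmt_net"
        set action ipsec
        set srcaddr "noc_hosts"
        set dstaddr "mgmt_hosts"
        set service "SSH" "HTTPS"
    next
    edit 2
        set srcintf "mgmt_vpn"
        set dstintf "mgmt_net"
        set action deny
        set srcaddr "all"
        set dstaddr "all"
    next
end
"""

def parse_policies(text):
    """Parse `show firewall policy` output into a list of {setting: [values]} dicts."""
    policies, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("edit "):
            current = {"id": [line.split()[1]]}
        elif line.startswith("set ") and current is not None:
            _, key, value = line.split(maxsplit=2)
            current[key] = shlex.split(value)  # handles multi-valued quoted settings
        elif line == "next" and current is not None:
            policies.append(current)
            current = None
    return policies

def check_mgmt_vpn_policies(text, tunnel_intfs, mgmt_intf):
    """Return the applicable finding statements (empty list means compliant)."""
    pols = [p for p in parse_policies(text)
            if set(p.get("srcintf", [])) & set(tunnel_intfs) and mgmt_intf in p.get("dstintf", [])]
    findings = []
    if not any(p.get("action") == ["deny"] for p in pols):
        findings.append("no DENY policy from VPN tunnel interface to management interface")
    # A permit must use Action IPSEC and name specific hosts, not "all"
    if not any(p.get("action") == ["ipsec"] and "all" not in p.get("dstaddr", ["all"])
               for p in pols):
        findings.append("no IPSEC policy limited to specific authorized management hosts")
    return findings
```

Run `check_mgmt_vpn_policies(SAMPLE_POLICIES, {"mgmt_vpn"}, "mgmt_net")` to get an empty list for the compliant sample; deleting the deny policy or naming the wrong tunnel interface produces the corresponding finding text.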