| SRG-NET-000364-FW-000031 |
V3R1 |
The firewall must apply ingress filters to traffic that is inbound to the network through any active external interface. |
|
| SRG-NET-000364-FW-000032 |
V3R1 |
The firewall must apply egress filters to traffic that is outbound from the network through any internal interface. |
|
| SRG-NET-000364-FW-000035 |
V3R1 |
The premise firewall (located behind the premise router) must block all outbound management traffic. |
|
| SRG-NET-000364-FW-000036 |
V3R1 |
The firewall must restrict traffic entering the VPN tunnels to the management network to only the authorized management packets based on destination address. |
|
| SRG-NET-000364-FW-000040 |
V3R1 |
The firewall must be configured to inspect all inbound and outbound traffic at the application layer. |
|
| SRG-NET-000364-FW-000041 |
V3R1 |
The firewall must be configured to inspect all inbound and outbound IPv6 traffic for unknown or out-of-order extension headers. |
|
| SRG-NET-000364-FW-000042 |
V3R1 |
The firewall must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). |
|