| STIG ID | Version | Title | Product |
|---|---|---|---|
| SRG-NET-000364-FW-000031 | V3R1 | The firewall must apply ingress filters to traffic that is inbound to the network through any active external interface. | Security Requirements Guide - Firewall |
| SRG-NET-000364-FW-000032 | V3R1 | The firewall must apply egress filters to traffic that is outbound from the network through any internal interface. | Security Requirements Guide - Firewall |
| SRG-NET-000364-FW-000035 | V3R1 | The premise firewall (located behind the premise router) must block all outbound management traffic. | Security Requirements Guide - Firewall |
| SRG-NET-000364-FW-000036 | V3R1 | The firewall must restrict traffic entering the VPN tunnels to the management network to only the authorized management packets based on destination address. | Security Requirements Guide - Firewall |
| SRG-NET-000364-FW-000040 | V3R1 | The firewall must be configured to inspect all inbound and outbound traffic at the application layer. | Security Requirements Guide - Firewall |
| SRG-NET-000364-FW-000041 | V3R1 | The firewall must be configured to inspect all inbound and outbound IPv6 traffic for unknown or out-of-order extension headers. | Security Requirements Guide - Firewall |
| SRG-NET-000364-FW-000042 | V3R1 | The firewall must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | Security Requirements Guide - Firewall |