An error occurred:

Check: SRG-NET-000098-FW-000021

Firewall SRG: SRG-NET-000098-FW-000021 (in versions v2 r3 through v1 r5)

Title

The firewall must be configured to use TCP when sending log records to the central audit server. (Cat II impact)

Discussion

If the default UDP protocol is used for communication between the hosts and devices to the Central Log Server, then log records that do not reach the log server are not detected as a data loss. The use of TCP to transport log records to the log servers improves delivery reliability.

Check Content

Review the firewall configuration and verify that it is configure to use TCP. If the firewall is not configured to use TCP when sending log records to the central audit server, this is a finding.

Fix Text

Configure the firewall to use TCP when sending log records to the central audit server.

Additional Identifiers

Rule ID: SV-206685r604133_rule

Vulnerability ID: V-206685

Group Title: SRG-NET-000098

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000162

The information system protects audit information from unauthorized access.
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-9

Protection Of Audit Information
CM-6

Configuration Settings