An error occurred:

Check: SRG-NET-000019-VPN-002435

Virtual Private Network (VPN) SRG: SRG-NET-000019-VPN-002435 (in versions v3 r3 through v2 r6)

Title

The TLS VPN must be configured to limit authenticated client sessions to initial session source IP. (Cat II impact)

Discussion

Limiting authenticated client sessions to the initial session source IP for TLS VPNs is a safeguard against session hijacking, replay, and man-in-the-middle attacks, maintaining integrity and confidentiality of communication between clients and servers.

Check Content

Verify the TLS VPN Gateway limits authenticated client sessions to initial session source IP. If the TLS VPN Gateway does not limit authenticated client sessions to initial session source IP, this is a finding.

Fix Text

Configure the TLS VPN Gateway to limit authenticated client sessions to initial session source IP.

Additional Identifiers

Rule ID: SV-264335r984341_rule

Vulnerability ID: V-264335

Group Title: SRG-NET-000019

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001414

Enforce approved authorizations for controlling the flow of information between connected systems based on organization-defined information flow control policies.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-4

Information Flow Enforcement