Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-94051 | ESXI-65-000052 | SV-104137r1_rule | Low |
Description |
---|
There are three different TCP/IP stacks by default available on ESXi now which are Default, Provisioning, and vMotion. To better protect and isolate sensitive network traffic within ESXi admins must configure each of these stacks. Additional custom TCP/IP stacks can be created if desired. |
STIG | Date |
---|---|
VMware vSphere 6.5 ESXi Security Technical Implementation Guide | 2019-10-01 |
Check Text ( C-93369r1_chk ) |
---|
From the vSphere Web Client select the ESXi Host and go to Configure >> Networking >> TCP/IP configuration. Review the default system TCP/IP stacks and verify they are configured with the appropriate IP address information. If vMotion and Provisioning VMKernels are in use and are not utilizing their own TCP/IP stack, this is a finding. |
Fix Text (F-100299r1_fix) |
---|
From the vSphere Web Client select the ESXi Host and go to Configure >> Networking >> TCP/IP configuration >> Select a TCP/IP stack >> Click Edit >> Enter the appropriate site specific IP address information for the particular TCP/IP stack and click OK. |