Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-239306 | ESXI-67-000052 | SV-239306r674847_rule | Low |
Description |
---|
Three different TCP/IP stacks are available by default on ESXi: Default, Provisioning, and vMotion. To better protect and isolate sensitive network traffic within ESXi, administrators must configure each of these stacks. Additional custom TCP/IP stacks can be created if desired. |
STIG | Date |
---|---|
VMware vSphere 6.7 ESXi Security Technical Implementation Guide | 2021-03-17 |
Check Text ( C-42539r674845_chk ) |
---|
From the vSphere Client, select the ESXi host and go to Configure >> Networking >> TCP/IP configuration. Review the default system TCP/IP stacks and verify they are configured with the appropriate IP address information. If vMotion and Provisioning VMKernels are in use and are not using their own TCP/IP stack, this is a finding. |
Fix Text (F-42498r674846_fix) |
---|
From the vSphere Client, select the ESXi host and go to Configure >> Networking >> TCP/IP configuration. Select a TCP/IP stack and click "Edit". Enter the appropriate site-specific IP address information for the particular TCP/IP stack and click "OK". |