
The ESXi host must protect the confidentiality and integrity of transmitted information by using different TCP/IP stacks where possible.


Overview

Finding ID: V-239306
Version: ESXI-67-000052
Rule ID: SV-239306r674847_rule
IA Controls:
Severity: Low
Description
Three different TCP/IP stacks are available by default on ESXi: Default, Provisioning, and vMotion. To better protect and isolate sensitive network traffic within ESXi, administrators must configure each of these stacks. Additional custom TCP/IP stacks can be created if desired.
STIG: VMware vSphere 6.7 ESXi Security Technical Implementation Guide
Date: 2022-01-05

Details

Check Text (C-42539r674845_chk)
From the vSphere Client, select the ESXi host and go to Configure >> Networking >> TCP/IP configuration.

Review the default system TCP/IP stacks and verify they are configured with the appropriate IP address information.

If vMotion and Provisioning VMKernels are in use and are not using their own TCP/IP stack, this is a finding.
Fix Text (F-42498r674846_fix)
From the vSphere Client, select the ESXi host and go to Configure >> Networking >> TCP/IP configuration.

Select a TCP/IP stack and click "Edit".

Enter the appropriate site-specific IP address information for the particular TCP/IP stack and click "OK".
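
The Check Text condition can also be evaluated from the ESXi shell. The script below is an added example, not part of the STIG: it assumes the `Name:` and `Netstack Instance:` fields of `esxcli network ip interface list`, the service tags `VMotion` and `vSphereProvisioning`, and the stack keys `vmotion` and `vSphereProvisioning`. The function name and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VMkernel adapters that carry vMotion or Provisioning
# traffic on a TCP/IP stack other than the dedicated one.

# Constructed sample, trimmed to the fields used, in the layout assumed for
# `esxcli network ip interface list`.
SAMPLE_IFACES='vmk0
   Name: vmk0
   Portgroup: Management Network
   Netstack Instance: defaultTcpipStack
vmk1
   Name: vmk1
   Portgroup: vMotion-PG
   Netstack Instance: defaultTcpipStack
vmk2
   Name: vmk2
   Portgroup: Provisioning-PG
   Netstack Instance: vSphereProvisioning'

# Constructed "adapter tags" lines. On a host they could be collected with
#   esxcli network ip interface tag get -i vmkN
# once per adapter (assumed to print "Tags: A, B").
SAMPLE_TAGS='vmk0 Management
vmk1 VMotion
vmk2 vSphereProvisioning'

# $1 = interface list text, $2 = tag lines; prints one FINDING line per
# adapter whose service tag does not match its netstack.
find_stack_findings() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { in_tags = 1; next }
        !in_tags && $1 == "Name:" { name = $2 }
        !in_tags && $1 == "Netstack" && $2 == "Instance:" { stack[name] = $3 }
        in_tags && NF {
            for (i = 2; i <= NF; i++) {
                tag = $i; sub(/,$/, "", tag)
                want = ""
                if (tag == "VMotion") want = "vmotion"
                if (tag == "vSphereProvisioning") want = "vSphereProvisioning"
                if (want != "" && stack[$1] != want)
                    printf "FINDING %s service=%s stack=%s expected=%s\n", $1, tag, stack[$1], want
            }
        }'
}

find_stack_findings "$SAMPLE_IFACES" "$SAMPLE_TAGS"
```

With the sample data, vmk1 is reported because it is tagged for vMotion while bound to the default stack; vmk2 is on the Provisioning stack and passes.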