STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to F5 BIG-IP TMOS VPN Security Technical Implementation Guide

V-266280

CAT I (High)

The F5 BIG-IP appliance IPsec VPN must ensure inbound and outbound traffic is configured with a security policy.

Rule ID

SV-266280r1024917_rule

STIG

F5 BIG-IP TMOS VPN Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001414

Discussion

Unrestricted traffic may contain malicious traffic which poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth and other resources. VPN traffic received from another enclave with different security policy or level of trust must not bypass be inspected by the firewall before being forwarded to the private network.

Check Content

From the BIG-IP GUI:
1. Network.
2. IPsec.
3. IPsec Policies.
4. Click on IPsec Policy for site to site IPsec.
5. Verify that "ESP" is selected in the IPsec Protocol section.

If the BIG-IP is not configured to ensure inbound and outbound traffic is configured with a security policy in compliance with information flow control policies, this is a finding.

Fix Text

From the BIG-IP GUI:
1. Network.
2. IPsec.
3. IPsec Policies.
4. Click on IPsec Policy for site to site IPsec.
5. Select "ESP" in the IPsec Protocol section.
6. Click "Update".