STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to A10 Networks ADC ALG Security Technical Implementation Guide

V-237039

CAT II (Medium)

The A10 Networks ADC must not have any unnecessary or unapproved virtual servers configured.

Rule ID

SV-237039r639564_rule

STIG

A10 Networks ADC ALG Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-001109

Discussion

A deny-all, permit-by-exception network communications traffic policy ensures that only those connections which are essential and approved are allowed. A virtual server is an instance where the device accepts traffic from outside hosts and redirects traffic to one or more real servers. In keeping with a deny-all, permit-by-exception policy, the services that the device provides to outside hosts must be only those that are necessary, documented, and approved.

Check Content

Review the configured servers, service groups, and virtual servers. 

The following command shows information for SLB servers:
show slb server

The following command shows information for service groups (multiple servers):
show slb service-group

The following command shows information for virtual servers (the services visible to outside hosts):
show slb virtual-server

Ask the Administrator for the list of approved services being provided by the device and compare this against the output of the command listed above. 

If there are more configured virtual servers than are approved, this is a finding.

Fix Text

Do not configure a server, service group, or virtual server for any unnecessary or unapproved service.