STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Ivanti Sentry 9.x ALG Security Technical Implementation Guide

V-251034

CAT II (Medium)

The Sentry must only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Rule ID

SV-251034r1028200_rule

STIG

Ivanti Sentry 9.x ALG Security Technical Implementation Guide

Version

V3R1

CCIs

CCI-002403

Discussion

Unrestricted traffic may contain malicious traffic which poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth and other resources. Access control policies and access control lists implemented on devices that control the flow of network traffic (e.g., application level firewalls and Web content filters), ensure the flow of traffic is only allowed from authorized sources to authorized destinations. Networks with different levels of trust (e.g., the internet or CDS) must be kept separate.

Check Content

Verify only approved network routes are added to the Sentry.

1. Log in to Sentry System Manager.
2. Go to Settings >> Network >> Routes.
3. Verify only approved network routes are configured.

If non-approved network routes are configured, this is a finding.

Fix Text

Configure only approved network routes on the Sentry.

1. Log in to Sentry System Manager.
2. Go to Settings >> Routes.
3. Select any unauthorized network routes in the list and click "Delete".
4. Click "Add" to add approved routes.