V-279177

CAT II (Medium)

The Edge SWG must ensure inbound and outbound traffic is monitored for compliance with remote access security policies.

Rule ID

SV-279177r1170662_rule

STIG

Symantec Edge SWG ALG Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000067, CCI-000130, CCI-000131, CCI-000132, CCI-000133, CCI-000134, CCI-001487, CCI-001919, CCI-001851, CCI-001314, CCI-000172

Discussion

Automated monitoring of remote access traffic allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by inspecting connection activities of remote access capabilities. Remote access methods include both unencrypted and encrypted traffic (e.g., web portals, web content filter, TLS and webmail). With inbound TLS inspection, the traffic must be inspected prior to being allowed on the enclave's web servers hosting TLS or HTTPS applications. With outbound traffic inspection, traffic must be inspected prior to being forwarded to destinations outside of the enclave, such as external email traffic.

Satisfies: SRG-NET-000061-ALG-000009, SRG-NET-000074-ALG-000043, SRG-NET-000075-ALG-000044, SRG-NET-000076-ALG-000045, SRG-NET-000077-ALG-000046, SRG-NET-000078-ALG-000047, SRG-NET-000079-ALG-000048, SRG-NET-000331-ALG-000041, SRG-NET-000334-ALG-000050, SRG-NET-000402-ALG-000130, SRG-NET-000492-ALG-000027, SRG-NET-000511-ALG-000051, SRG-NET-000513-ALG-000026

Check Content

1. In the Edge SWG Web UI, navigate to the Visual Policy Manager (VPM).
2. Navigate to "Administration and Event Logging".
3. Scroll down to "Syslog Loghosts".

If there is no Web Access Layer, this is a finding.

If there is a Web Access Layer, but the Track is not set or not configured, this is a finding.

If no log hosts are configured, this is a finding.

Fix Text

1. In the Edge SWG Web UI, navigate to the VPM.
2. Select the Web Access Layer.
3. Click the first block or allow rule.
4. Left-click "Track".
5. Click "Set".
6. Click "Add New Object".
7. Click "Event Log".
8. Under "Details" add the following:
$(appliance.name)$(appliance.primary_address)$(c-ip)$(c-port)$(c-uri)$(c-uri-address)$(c-uri-cookie-domain)$(c-uri-extension)$(c-uri-host)$(c-uri-hostname)$(c-uri-path)$(c-uri-pathquery)$(client.address)$(client.certificate.subject)$(client.host)$(client.public_address)$(cs-auth-group)$(cs-categories-policy)$(date)$(user.name)$(user.x509.subject)

9. Under "Category", click "All".
10. Under "Display Options", click "Both".
11. Click "Apply".
12. Repeat these steps for each rule under the Web Access Layer.
13. Click "Apply Policy".
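
Step 12 requires the same Event Log object on every rule in the Web Access Layer, so a reviewer has to confirm that no rule was skipped or given a shortened "Details" string. The following is an added example, not part of the STIG or of any vendor tooling: it assumes each rule's Details string has been copied out of the VPM by hand into a dictionary, and the function names, rule labels and sample strings are hypothetical.

```python
import re

# Substitution variables the Fix Text lists for the Event Log "Details" field.
REQUIRED = """appliance.name appliance.primary_address c-ip c-port c-uri
c-uri-address c-uri-cookie-domain c-uri-extension c-uri-host c-uri-hostname
c-uri-path c-uri-pathquery client.address client.certificate.subject
client.host client.public_address cs-auth-group cs-categories-policy date
user.name user.x509.subject""".split()

# A well-formed substitution: $(name) with no nested "$", "(" or ")".
TOKEN = re.compile(r"\$\(([^()$]*)\)")

def audit_details(details):
    """Compare one rule's Event Log Details string with the required list."""
    found = TOKEN.findall(details)
    # Whatever remains after removing well-formed tokens and still contains
    # "$(" is a truncated or mistyped substitution (e.g. a lost ")").
    leftover = TOKEN.sub("", details)
    return {
        "missing": [f for f in REQUIRED if f not in found],
        "unexpected": sorted(set(found) - set(REQUIRED)),
        "malformed": "$(" in leftover,
    }

def audit_rules(rules):
    """rules maps a rule label to its Details string; returns failing rules only."""
    findings = {}
    for label, details in rules.items():
        result = audit_details(details)
        if result["missing"] or result["malformed"]:
            findings[label] = result
    return findings

# Constructed sample input: labels and strings are made up for illustration.
FULL = "".join("$(%s)" % f for f in REQUIRED)
SAMPLE_RULES = {
    "rule 1 (allow)": FULL,
    "rule 2 (deny)": FULL.replace("$(c-port)", "").replace("$(user.name)", "$(user.name"),
    "rule 3 (allow)": "",  # Track was never set on this rule
}

if __name__ == "__main__":
    for label, result in audit_rules(SAMPLE_RULES).items():
        print(label, "->", result)
```
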

1. In the Edge SWG Web UI, navigate to the Administration tab.
2. Go to "Logging and Event Logging".
3. Scroll down to "syslog loghosts".
4. Click "Add Loghost".
5. Select "TLS".
6. Enter the hostname of the syslog server.
7. Enter the port. For TLS, it is normally 6514.
8. Select the SSL Device Profile that will be used. (Note: The SSL device profile must include the CA certificate chain that signed the certificate of the syslog server if it is different from the ones that signed the web server certificate.)