STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

VMware NSX-T Tier 1 Gateway Firewall Security Technical Implementation Guide

Version

V1R3

Benchmark ID

VMW_NSX-T_T1_Gateway_FW_STIG

Total Checks

9

Tags

networkvmware

CAT I: 0CAT II: 8CAT III: 1

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON

Checks (9)

V-251761MEDIUMThe NSX-T Tier-1 Gateway Firewall must generate traffic log entries containing information to establish what type of events occurred.V-251762LOWThe NSX-T Tier-1 Gateway Firewall must generate traffic log entries containing information to establish the details of the event.V-251763MEDIUMEach NSX-T Edge Node configured to host a Tier-1 Gateway Firewall must be configured to use the TLS or LI-TLS protocols to configure and secure traffic log records.V-251764MEDIUMThe NSX-T Tier-1 Gateway Firewall must block outbound traffic containing denial-of-service (DoS) attacks to protect against the use of internal information systems to launch any DoS attacks against other networks or endpoints.V-251765MEDIUMThe NSX-T Tier-1 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).V-251766MEDIUMThe NSX-T Tier-1 Gateway Firewall must be configured to send traffic log entries to a central audit server for management and configuration of the traffic log entries.V-251767MEDIUMThe NSX-T Tier-1 Gateway Firewall must employ filters that prevent or limit the effects of all types of commonly known denial-of-service (DoS) attacks, including flooding, packet sweeps, and unauthorized port scanning.V-251768MEDIUMThe NSX-T Tier-1 Gateway Firewall must apply ingress filters to traffic that is inbound to the network through any active external interface.V-251769MEDIUMThe NSX-T Tier-1 Gateway Firewall must configure SpoofGuard to block outbound IP packets that contain illegitimate packet attributes.