Is there any guidance for meeting STIG requirements on an NSv?

bshort

The U.S. Department of Defense has published a Security Technical Implementation Guide that details the configuration settings they feel should be applied to various pieces of equipment. I am looking for any assistance on applying the network firewall requirements to a SonicWall NSv running 7.0 SonicOS.

STIG Requirements can be found here: https://www.stigviewer.com/stig/firewall_security_requirements_guide/

Thank you

Saravanan

Hi @bshort,

Thank you for visiting SonicWall Community.

I went through the link provided by you for STIG Requirements. As per the info shared on the link, I can tell you that our SonicWall by default abides to the STIG requirements. We have to make sure security services on the SonicWall are enabled. This is because security services are license based and sometimes we may miss out configuration here if a previously non-licensed service is licensed now.

https://www.sonicwall.com/support/knowledge-base/how-to-enable-the-security-services/170504349078273/

Please feel free to take a look at the above KB article and ensure all security services are enabled on the SonicWall. The other points on the STIG requirements link represents SonicWall's default state.

Hope this helps.

bshort

https://community.sonicwall.com/technology-and-support/discussion/comment/6167#Comment_6167

That helps. Can you tell me if SonicWall uses TCP for syslog? I thought syslog was UDP by default.

Rule Version (STIG-ID): SRG-NET-000098-FW-000021

Rule Title: The firewall must be configured to use TCP when sending log records to the central audit server.

Saravanan

Hi @BSHORT,

The firewall doesn't use TCP for syslog and it used only UDP at this time.