CSCv6|12.5

Title

Design and implement network perimeters so that all outgoing network traffic to the Internet must pass through at least one application layer filtering proxy server.

Description

Design and implement network perimeters so that all outgoing network traffic to the Internet must pass through at least one application layer filtering proxy server. The proxy should support decrypting network traffic, logging individual TCP sessions, blocking specific URLs, domain names, and IP addresses to implement a black list, and applying whitelists of allowed sites that can be accessed through the proxy while blocking all other sites. Organizations should force outbound traffic to the Internet through an authenticated proxy server on the enterprise perimeter.

Reference Item Details

Category: Boundary Defense

Family: Network

Audit Items

Name | Plugin | Audit Name
5.4 Ensure forwarding of decrypted content to WildFire is enabled | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
5.4 Ensure forwarding of decrypted content to WildFire is enabled | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
5.4 Ensure forwarding of decrypted content to WildFire is enabled | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid Categories | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid Categories | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid Categories | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Policies | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Policies | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Policies | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0