Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabled

MEDIUM

Description

Enabled IP forwarding on your virtual machine through Azure Network Interface may lead to unauthorized access.

Remediation

In Azure Console -

Open the Azure Portal and go to Network interfaces.
Choose the Network interfaces you wish to edit.
Under IP configurations, Set IP forwarding to Disable.
Select Save.

In Terraform -

In the azurerm_network_interface resource, set enable_ip_forwarding to false.

References:
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface#enable_ip_forwarding

Policy Details

Rule Reference ID: AC_AZURE_0125

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_network_interface

Resource Category: Compute

Resource Type: Virtual Machine

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0
SOC2