The firewall must be configured to inspect all inbound and outbound IPv6 traffic for unknown or out-of-order extension headers.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-223012	SRG-NET-000364-FW-000041	SV-223012r604133_rule		Medium

Description

STIG	Date
Firewall Security Requirements Guide	2024-12-04

Details

Check Text (C-24684r457851_chk)

Review the firewall configuration to verify that IPv6 inspection is being performed on all interfaces.
If the firewall is not configujred to inspect all inbound and outbound IPv6 traffic for unknown or out-of-order extension headers, this is a finding.

Fix Text (F-24673r457853_fix)

Configure the firewall to inspect all inbound and outbound traffic at the application layer.