3.8 Logging should be enable for all Firewall Rules

Information

The Track Field defines how the events of the rule are captured.

Rationale:

The event log of firewall rules helps in identifying the allowed and blocked traffic and also helps in troubleshooting and forensic investigation. It is always good to enable logging for all the firewall rules, but by logging multiple firewall rules results in a huge log files, which requires huge disk space and management operations. Logs play an important role in security auditing, incident response, system maintenance and forensic investigation, and should be configured as per the business needs.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Set the Track field to Log in all firewall rules.

See Also

https://workbench.cisecurity.org/files/2828

Item Details

Category: AUDIT AND ACCOUNTABILITY, SECURITY ASSESSMENT AND AUTHORIZATION

References: 800-53|AU-3, 800-53|AU-12, 800-53|CA-3, 800-53|CA-9, CSCv7|6.2, CSCv7|11.2

Plugin: CheckPoint

Control ID: aa88cc6fa575583f5fe6f508304705ba3f697eab7ee98a4864a75cdb7de08741