1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management

Information

Permit only the necessary IP addresses to be used to manage the device.
Rationale:
Management access to the device should be restricted to the IP addresses used by firewall administrators. Permitting management access from other IP addresses increases the risk of unauthorized access through password guessing, stolen credentials, or other means.

Solution

Navigate to Device > Setup > Management > Management Interface Settings.
Set Permitted IP Addresses to only those necessary for device management.
or
To remediate this setting using the CLI, execute the following command:
username@hostname#set deviceconfig system permitted-ip <ipaddress/netmask>
username@hostname#commit
Default Value:
Not enabled

See Also

https://workbench.cisecurity.org/files/1780

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(11), CSCv6|11.6, CSCv6|11.7

Plugin: Palo_Alto

Control ID: 1f6a39932c2f1ad7991c8d48e3a38f23333301f8f49c1461ef8c3e9f5502f448