Select any two versions of this STIG to compare the individual requirements
Select any old version/release of this STIG to view the previous requirements
From the NSX-T Manager web interface, go to Networking >> Tier-1 Gateways. For every Tier-1 Gateway, expand the Tier-1 Gateway. Click on the number in the Linked Segments to review the currently linked segments. For every Tier-1 Gateway, expand the Tier-1 Gateway. Expand Service Interfaces, then click on the number to review the Service Interfaces. Review each interface or linked segment present to determine if they are not in use or inactive. If there are any linked segments or service interfaces present on a Tier-1 Gateway that are not in use or inactive, this is a finding.
To remove a stale linked segment from a Tier-1 Gateway, do the following: From the NSX-T Manager web interface, go to Networking >> Segments and edit the target segment. Under Connected Gateway, change to "None" and click "Save". Note: The stale linked segment can also be deleted if there are no active workloads attached to it. To remove a stale service interface from a Tier-1 Gateway, do the following: From the NSX-T Manager web interface, go to Networking >> Tier-1 Gateways >> Edit the target Tier-1 Gateway. Expand Service Interfaces >> click on the number to view the Service Interfaces. On the stale service interface, select "Delete" and click "Delete" again to confirm.
From the NSX-T Manager web interface, go to Networking >> Tier-1 Gateways. For every Tier-1 Gateway expand the Tier-1 Gateway to view the DHCP configuration. If a DHCP profile is configured and not in use, this is a finding.
From the NSX-T Manager web interface, go to Networking >> Tier-1 Gateways and edit the target Tier-1 Gateway. Click "Set DHCP Configuration", select "No Dynamic IP Address Allocation", click "Save", and then close "Editing".
From the NSX-T Manager web interface, go to Networking >> Segments. For every Segment connected to a Tier-1 Gateway, Expand Segment >> Expand Segment Profiles >> Record QOS Segment Profile. Go to Segment Profiles >> Expand QOS Segment Profile recorded in previous steps. If there are traffic priorities specified by the Combatant Commands/Services/Agencies needed to ensure sufficient capacity for mission-critical traffic and none are configured, this is a finding.
To create a segment QoS profile, do the following: From the NSX-T Manager web interface, go to Networking >> Segments >> Segment Profiles. Click "Add Segment Profile" and select "QoS". Configure a profile name and QoS settings as needed and click "Save". To apply a QoS profile to a segment do the following: From the NSX-T Manager web interface, go to Networking >> Segments and edit the target segment. Expand Segment Profiles and under QoS select the profile previously created and "Save".
From the NSX-T Manager web interface, go to Networking >> Tier-1 Gateways. For every Tier-1 Gateway, expand the Tier-1 Gateway then expand Multicast to view the Multicast configuration. If Multicast is enabled and not in use, this is a finding.
To disable Multicast do the following: From the NSX-T Manager web interface, go to Networking >> Tier-1 Gateways and edit the target Tier-1 Gateway. Expand Multicast and change from "Enabled" to "Disabled" and then click "Save".