Unified Access Gateway supports configuration settings that allow the appliance to comply with the Photon 3 OS Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG).
This OS compliance requires specific configuration in the Unified Access Gateway appliance.
The required configuration changes are as follows:
- Deploy the FIPS version of Unified Access Gateway.
- Configure the following parameters during deployment.
Note: You can configure these parameters only at the time of deployment. If you do not configure them during deployment, Unified Access Gateway uses the default values.
| Parameter | Description |
|---|---|
| dsComplianceOS | Set to true to enable DISA STIG OS compliance settings. |
| rootPasswordExpirationDays | Number of days after which the root password must be reset. Set the value to |
| passwordPolicyMinLen | Minimum length of the root password. Set the value to |
| passwordPolicyMinClass | Minimum complexity of the root password. Set the value to |
| sshEnabled | Set to true to automatically enable SSH access on the deployed appliance. |
| sshLoginBannerText | Set to an appropriate login banner that includes the text |
| rootSessionIdleTimeoutSeconds | Duration in seconds after which an idle session of the root user will expire. Set the value to |
| passwordPolicyFailedLockout | Number of failed login attempts after which admin user access is locked out temporarily. Set the value to |
| sshInterface | Set to eth0, eth1 or eth2 according to the Unified Access Gateway NIC on which SSH is accessed. For example, |
| sshPort | Set to an unused port value other than port 22. For example, |
| syslogUrl | Set the syslog URL. For example, |
| ntpServers | Set the hostname(s) for NTP servers. For example, |
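
A pre-deployment check for the parameters in the table above, as an added example that is not VMware's code. It assumes the settings are supplied as key=value lines in a `[General]` section of a deployment INI file, and `lint_stig_settings` is a hypothetical helper; because the required values do not appear in the table, it checks only that each parameter is set explicitly and is well-formed.

```python
import configparser

# Parameter names come from the table above; the [General] layout is assumed.
# Required values are not given on the page, so only presence and form are checked.
NUMERIC = [
    "rootPasswordExpirationDays", "passwordPolicyMinLen", "passwordPolicyMinClass",
    "rootSessionIdleTimeoutSeconds", "passwordPolicyFailedLockout", "sshPort",
]
REQUIRED = NUMERIC + [
    "dsComplianceOS", "sshEnabled", "sshLoginBannerText",
    "sshInterface", "syslogUrl", "ntpServers",
]

def lint_stig_settings(ini_text, section="General"):
    """Return a list of findings; an empty list means every check passed."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep parameter names case-sensitive
    parser.read_string(ini_text)
    if not parser.has_section(section):
        return [f"missing [{section}] section"]
    cfg = {k: v.strip() for k, v in parser[section].items()}
    findings = [f"{k}: not set, the default would apply" for k in REQUIRED if not cfg.get(k)]
    for k in ("dsComplianceOS", "sshEnabled"):
        if cfg.get(k) and cfg[k].lower() != "true":
            findings.append(f"{k}: must be true")
    for k in NUMERIC:
        if cfg.get(k) and not cfg[k].isdecimal():
            findings.append(f"{k}: expected a whole number")
    if cfg.get("sshInterface") and cfg["sshInterface"] not in ("eth0", "eth1", "eth2"):
        findings.append("sshInterface: must be eth0, eth1 or eth2")
    port = cfg.get("sshPort", "")
    if port.isdecimal() and (int(port) == 22 or not 1 <= int(port) <= 65535):
        findings.append("sshPort: must be a valid port other than 22")
    return findings

# Constructed sample with deliberate mistakes; all values are placeholders.
SAMPLE_INI = """
[General]
dsComplianceOS=false
sshEnabled=true
sshInterface=eth3
sshPort=22
rootPasswordExpirationDays=never
passwordPolicyMinLen=1
passwordPolicyMinClass=1
rootSessionIdleTimeoutSeconds=1
passwordPolicyFailedLockout=1
sshLoginBannerText=CONSTRUCTED PLACEHOLDER BANNER
"""
```

Running `lint_stig_settings(SAMPLE_INI)` reports the two omitted parameters (`syslogUrl`, `ntpServers`) along with the four malformed ones; whether the chosen SSH port is actually unused still has to be confirmed on the target network.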