Ensure that all the Microsoft Azure network interfaces (NICs) with IP forwarding enabled are regularly reviewed for security and compliance reasons. The IP Forwarding feature enables the virtual machine (VM) associated with the network interface attached, to receive network traffic that is not intended for one of the IP addresses defined within the IP configurations attached to the network interface, and send network traffic with a different source IP address than the one assigned to one of a network interface's IP configurations. Therefore, IP forwarding is used only by Azure virtual machines that need to forward traffic (also known as a network virtual appliances).
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
The IP Forwarding feature enabled on a virtual machine's network interface (NIC) allows the VM to act as a router and receive traffic addressed to other destinations. Because IP forwarding is rarely required (except when the virtual machine is used as a network virtual appliance), each associated network interface should be reviewed by your network security team in order to decide whether or not IP forwarding is really needed.
To review each Azure network interface (NIC) with IP forwarding enabled, perform the following operations:
Remediation / Resolution
Case A: IP forwarding is not required for the Microsoft Azure virtual machine associated with the network interface (NIC). In this case, perform the following operations to disable the feature:
Case B: IP forwarding is required for the Microsoft Azure virtual machine associated with the Network Interface (NIC). In this case the feature is enabled by design and intentional, and no further actions need to be taken.
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Review Network Interfaces with IP Forwarding Enabled
Risk level: Medium