7210 controller (ver 6.5.4.4) is causing havok in a security audit since it's seen as having IP forwarding enabled. Can the feature be disabled? I don't believe it's necessary to have the controller act as a router (I use a separate device for layer 3 routing). AP's are in tunnel mode and clients do not use the 7210 as default gateway.
Another thought is to test the forwarding to see if it truly works. If it turns out to be a false positive then there's no sense in modifying the Aruba config...
Thanks
-Ryan