STIGQter: STIG Summary: Juniper SRX Services Gateway ALG Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Juniper SRX Services Gateway Firewall must implement load balancing on the perimeter firewall, at a minimum, to limit the effects of known and unknown types of Denial of Service (DoS) attacks on the network.

DISA Rule

SV-214530r557389_rule

Vulnerability Number

V-214530

Group Title

SRG-NET-000362-ALG-000120

Rule Version

JUSX-AG-000121

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Consult vendor configuration guides and knowledge base. Implement one or more methods of load balance (e.g., filter based forwarding, per flow load balancing, per-packet load balancing, or High Availability [HA]).

Check Contents

Since load balancing is a highly complex configuration that can be implemented using a wide variety of configurations, ask the site representative to demonstrate the method used and the configuration.

If load balancing is not implemented on the perimeter firewall, this is a finding.

Vulnerability Number

V-214530

Documentable

False

Rule Version

JUSX-AG-000121

Severity Override Guidance

Since load balancing is a highly complex configuration that can be implemented using a wide variety of configurations, ask the site representative to demonstrate the method used and the configuration.

If load balancing is not implemented on the perimeter firewall, this is a finding.

Check Content Reference

M

Target Key

4004

Comments