SV-214537r557389_rule
V-214537
SRG-NET-000390-ALG-000139
JUSX-AG-000144
CAT I
10
Apply a security policy or screen to each inbound zone to implement continuous monitoring. The following commands configure a security zone called “untrust” that can be used to apply security policy to inbound interfaces connected to untrusted networks. This example assumes that interfaces ge-0/0/1 and ge-0/0/2 are connected to untrusted and trusted network segments, respectively.
Apply policy or screen to a zone example:
set security zones security-zone untrust interfaces ge-0/0/1.0
set security zones security-zone trust interfaces ge-0/0/2.0
set security zones security-zone untrust screen untrust-screen
set security policies from-zone untrust to-zone trust policy default-deny match destination-address any
set security policies from-zone untrust to-zone trust policy default-deny then deny
For each inbound zone, verify a firewall screen or security policy is configured.
[edit]
show security zones
show security policies
If communications traffic for each inbound zone is not configured with a firewall screen and/or security policy, this is not a finding.
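The per-zone check above can be run offline against a saved configuration in "display set" form. The following is an added example, not part of the STIG text: the function names, the "dmz" zone, ge-0/0/3.0 and the "allow-out" policy are constructed for illustration, and every zone with an interface is assumed to be inbound unless the caller names the inbound zones.

```python
import re

# Constructed sample in "display set" form: the page's zones plus a
# hypothetical "dmz" zone (ge-0/0/3.0) that has neither control.
SAMPLE_CONFIG = """\
set security zones security-zone untrust interfaces ge-0/0/1.0
set security zones security-zone trust interfaces ge-0/0/2.0
set security zones security-zone dmz interfaces ge-0/0/3.0
set security zones security-zone untrust screen untrust-screen
set security policies from-zone untrust to-zone trust policy default-deny match destination-address any
set security policies from-zone untrust to-zone trust policy default-deny then deny
set security policies from-zone trust to-zone untrust policy allow-out then permit
"""

ZONE_RE = re.compile(r"^set security zones security-zone (\S+)(?: (\S+) (\S+))?")
POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone \S+ policy (\S+) then (permit|deny|reject)\b")


def audit_zones(config_text):
    """Map each zone name to its interfaces, screen and from-zone policies."""
    zones = {}

    def zone(name):
        return zones.setdefault(name, {"interfaces": [], "screen": None, "policies": set()})

    for line in config_text.splitlines():
        line = line.strip()
        m = ZONE_RE.match(line)
        if m:
            name, key, value = m.groups()
            entry = zone(name)
            if key == "interfaces":
                entry["interfaces"].append(value)
            elif key == "screen":
                entry["screen"] = value
            continue
        m = POLICY_RE.match(line)
        if m:
            # Only policies that reach a final action count as configured.
            zone(m.group(1))["policies"].add(m.group(2))
    return zones


def uncovered_zones(config_text, inbound=None):
    """Return zones that have no screen and no policy with a final action."""
    zones = audit_zones(config_text)
    names = inbound if inbound is not None else [n for n, z in zones.items() if z["interfaces"]]
    return sorted(n for n in names
                  if not zones.get(n, {}).get("screen") and not zones.get(n, {}).get("policies"))


if __name__ == "__main__":
    print(uncovered_zones(SAMPLE_CONFIG))
```

Pass `inbound=["untrust"]` to limit the check to the zones that actually face untrusted networks; a named zone that is absent from the configuration is reported as uncovered.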
V-214537
False
JUSX-AG-000144
M
4004