STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 12 Feb 2021

The Juniper BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.

DISA Rule

SV-217062r639663_rule

Vulnerability Number

V-217062

Group Title

SRG-NET-000512-RTR-000001

Rule Version

JUNI-RT-000560

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the router to use its loopback address as the source address for all iBGP peering.

[edit protocols bgp group IBGP_PEERS]
set local-address 2.2.2.2

Check Contents

Review the router configuration to verify that a loopback address has been configured.

interfaces {
    lo0 {
        unit 0 {
            family inet {
                address 2.2.2.2/32;
            }
        }
    }
}

Verify that the loopback interface is used as the source address for all iBGP sessions.

protocols {
    bgp {
        group IBGP_PEERS {
            type internal;
            local-address 2.2.2.2;
            neighbor x.x.x.x;
        }
    }
}

If the router does not use its loopback address as the source address for all iBGP sessions, this is a finding.
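
The check above can be automated against saved "show configuration" output. The following is an added example, not part of the STIG or of any Juniper tooling: it parses the curly-brace configuration, collects the addresses on lo0, and reports every "type internal" BGP group whose local-address is missing or is not a lo0 address. The function names and the sample configuration are hypothetical; it assumes the main routing instance and group-level local-address only (per-neighbor overrides and configuration-group inheritance are not evaluated).

```python
import ipaddress
import re

def parse_junos(text):
    """Parse curly-brace Junos config into nested dicts; leaf statements map to None."""
    stack = [{}]
    for stmt, delim in re.findall(r"([^{};]*)([{};])", text):
        stmt = " ".join(stmt.split())
        if delim == "{":
            stack.append(stack[-1].setdefault(stmt, {}))
        elif delim == ";":
            stack[-1][stmt] = None
        elif len(stack) > 1:
            stack.pop()
        else:
            raise ValueError("unbalanced closing brace")
    return stack[0]

def loopback_addresses(cfg):
    """Return every IPv4/IPv6 address configured on a unit of lo0."""
    lo0 = (cfg.get("interfaces") or {}).get("lo0") or {}
    return {ipaddress.ip_interface(stmt.split()[1]).ip
            for unit in lo0.values() for family in ("family inet", "family inet6")
            for stmt in ((unit or {}).get(family) or {}) if stmt.startswith("address ")}

def ibgp_findings(text):
    """Return (group, reason) for each 'type internal' group not sourced from lo0."""
    cfg, findings = parse_junos(text), []
    loopbacks = loopback_addresses(cfg)
    for name, body in ((cfg.get("protocols") or {}).get("bgp") or {}).items():
        if not (name.startswith("group ") and body and "type internal" in body):
            continue  # external groups and non-group statements are out of scope
        local = [s.split()[1] for s in body if s.startswith("local-address ")]
        if not local:
            findings.append((name.split()[1], "no local-address configured"))
        elif ipaddress.ip_address(local[0]) not in loopbacks:
            findings.append((name.split()[1], f"local-address {local[0]} is not on lo0"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """
interfaces { ge-0/0/0 { unit 0 { family inet { address 10.1.12.2/30; } } }
             lo0 { unit 0 { family inet { address 2.2.2.2/32; } } } }
protocols { bgp {
    group IBGP_PEERS { type internal; local-address 2.2.2.2; neighbor 3.3.3.3; }
    group IBGP_RR    { type internal; local-address 10.1.12.2; neighbor 4.4.4.4; }
    group IBGP_NOSRC { type internal; neighbor 5.5.5.5; }
    group EBGP       { type external; peer-as 65001; neighbor 10.1.12.1; }
} }
"""
```

Calling ibgp_findings(SAMPLE) returns one entry per non-compliant internal group; an empty list means no finding for the groups evaluated.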

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4032
