STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

If the loopback interface is used, the Juniper SRX Services Gateway must protect the loopback interface with firewall filters for known attacks that may exploit this interface.

DISA Rule

SV-223203r513298_rule

Vulnerability Number

V-223203

Group Title

SRG-APP-000516-NDM-000317

Rule Version

JUSX-DM-000084

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If the loopback interface is used, configure firewall filters on it. The following example configures a loopback address with filters on the device; it shows both an IPv4 and an IPv6 address being applied to the interface. The first two commands apply the firewall filters to the interface.

[edit]
set interfaces lo0 unit 0 family inet filter input protect_re
set interfaces lo0 unit 0 family inet6 filter input protect_re-v6
set interfaces lo0 unit 0 family inet address 1.1.1.250/32
set interfaces lo0 unit 0 family inet6 address 2100::250/128

Check Contents

If the loopback interface is not used, this is not applicable.

Verify the loopback interface is protected by firewall filters.

[edit]
show interfaces lo0

If the loopback interface is not configured with IPv6 and IPv4 firewall filters, this is a finding.
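The check above can be automated against the `set`-style output of `show configuration interfaces lo0 | display set`. The following is an added example (not part of the STIG or of STIGQter); it assumes that output form, treats any unit carrying an address as "the loopback interface is used", and follows the check text literally by requiring an input filter for both family inet and family inet6. The sample configurations are constructed.

```python
import re

# 'display set' statements the STIG fix uses; unit, family, kind and value are captured:
#   set interfaces lo0 unit <n> family <inet|inet6> filter input <name>
#   set interfaces lo0 unit <n> family <inet|inet6> address <prefix>
_LO0_RE = re.compile(
    r"^set interfaces lo0 unit (\d+) family (inet6?) (filter input|address) (\S+)$"
)
REQUIRED_FAMILIES = ("inet", "inet6")  # the check demands both IPv4 and IPv6 filters


def check_lo0(display_set: str):
    """Evaluate 'show configuration interfaces lo0 | display set' output and return
    (status, missing): status is 'NotApplicable', 'NotAFinding' or 'Open'."""
    units_in_use = set()  # units carrying an address, i.e. the loopback is used
    filters = {}          # (unit, family) -> input filter name
    for raw in display_set.splitlines():
        m = _LO0_RE.match(raw.strip())
        if not m:
            continue
        unit, family, kind, value = m.groups()
        if kind == "address":
            units_in_use.add(unit)
        else:
            filters[(unit, family)] = value
    if not units_in_use:
        return "NotApplicable", []
    # Literal reading of the check text: every used unit needs an input filter
    # for both inet and inet6, whichever families actually carry an address.
    missing = [f"unit {u} family {fam}"
               for u in sorted(units_in_use)
               for fam in REQUIRED_FAMILIES
               if (u, fam) not in filters]
    return ("Open" if missing else "NotAFinding"), missing


# Constructed sample outputs (not captured from a real device).
COMPLIANT = """\
set interfaces lo0 unit 0 family inet filter input protect_re
set interfaces lo0 unit 0 family inet6 filter input protect_re-v6
set interfaces lo0 unit 0 family inet address 1.1.1.250/32
set interfaces lo0 unit 0 family inet6 address 2100::250/128
"""
IPV4_FILTER_ONLY = COMPLIANT.replace(
    "set interfaces lo0 unit 0 family inet6 filter input protect_re-v6\n", "")
NOT_USED = "set interfaces lo0 unit 0 description reserved\n"

if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT), ("v4-only", IPV4_FILTER_ONLY), ("unused", NOT_USED)):
        print(f"{name}: {check_lo0(cfg)}")
```

The referenced filters (`protect_re`, `protect_re-v6`) must also exist under the `firewall` hierarchy; this script only verifies that they are applied to lo0.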

Documentable

False

Severity Override Guidance

If the loopback interface is not used, this is not applicable.

Verify the loopback interface is protected by firewall filters.

[edit]
show interfaces lo0

If the loopback interface is not configured with IPv6 and IPv4 firewall filters, this is a finding.

Check Content Reference

M

Target Key

4098

Comments