STIGQter: STIG Summary: Juniper SRX Services Gateway VPN Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

The Juniper SRX Services Gateway VPN must limit the number of concurrent sessions for user accounts to one (1) and administrative accounts to three (3), or set to an organization-defined number.

DISA Rule

SV-214668r382774_rule

Vulnerability Number

V-214668

Group Title

SRG-NET-000053

Rule Version

JUSX-VN-000001

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the VPN IKE gateway to limit concurrent sessions. The following is an example.

[edit]
set security ike gateway <VPN-GATEWAY> dynamic connections-limit 1

[edit]
set security ike gateway <VPN-GATEWAY> dynamic connections-limit 3

Check Contents

Verify the VPN Internet Key Exchange (IKE) gateway limits concurrent sessions.

[edit]
show security ike

View the value for the connections-limit.

If the VPN IKE gateway does not limit the number of concurrent sessions for user accounts to one (1) and administrative accounts to three (3), or is set to an organization-defined number, this is a finding.
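
The check above can be scripted. The following Python is an added example, not part of the STIG or of any Juniper tooling; it assumes the `show security ike` output was captured in configuration mode in the brace format, and the gateway names, hostnames and the `ALLOWED` mapping are hypothetical. Only gateways with a `dynamic` stanza are evaluated.

```python
import re

# Constructed sample of `show security ike` output in configuration mode
# (brace format). Gateway names and hostnames are hypothetical.
SAMPLE = """\
gateway USER-VPN {
    dynamic {
        hostname users.example.com;
        connections-limit 1;
    }
}
gateway ADMIN-VPN {
    dynamic {
        hostname admins.example.com;
        connections-limit 10;
    }
}
gateway PARTNER-VPN {
    dynamic {
        hostname partner.example.com;
    }
}
"""
# Assumed organization-defined maximum per gateway (user = 1, admin = 3).
ALLOWED = {"USER-VPN": 1, "ADMIN-VPN": 3, "PARTNER-VPN": 1}

def parse_limits(config):
    """Map each gateway that has a dynamic stanza to its connections-limit (or None)."""
    limits, gateway, in_dynamic, depth = {}, None, False, 0
    for raw in config.splitlines():
        line = raw.strip()
        if depth == 0 and (m := re.match(r"gateway (\S+) \{$", line)):
            gateway = m.group(1)
        elif gateway and depth == 1 and line == "dynamic {":
            in_dynamic, limits[gateway] = True, None
        elif in_dynamic and (m := re.match(r"connections-limit (\d+);$", line)):
            limits[gateway] = int(m.group(1))  # "inactive:" lines do not match
        depth += line.count("{") - line.count("}")
        in_dynamic = in_dynamic and depth >= 2
        gateway = gateway if depth else None
    return limits

def findings(limits, allowed):
    """Gateways with no limit, or a limit above the approved maximum.
    A gateway absent from `allowed` has an approved maximum of 0."""
    return {gw: lim for gw, lim in limits.items()
            if lim is None or lim > allowed.get(gw, 0)}

print(findings(parse_limits(SAMPLE), ALLOWED))
```

A gateway reported with `None` has no `connections-limit` statement at all; one reported with a number exceeds its approved maximum.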

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4009

Comments