STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide, Version 2, Release 2, Benchmark Date: 12 Feb 2021

The Juniper perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider.

DISA Rule

SV-217034r639663_rule

Vulnerability Number

V-217034

Group Title

SRG-NET-000019-RTR-000009

Rule Version

JUNI-RT-000290

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

This requirement is not applicable for the DoDIN Backbone.

Configure a static route on the perimeter router to reach the AS of a router connecting to an alternate gateway as shown in the example below.

[edit routing-options]
set static route 0.0.0.0/0 next-hop x.x.x.x

Check Contents

This requirement is not applicable for the DoDIN Backbone.

Review the protocols hierarchy in the router configuration (see example below) and verify there are no BGP neighbors configured to a peer AS that belongs to the alternate gateway service provider.

protocols {
    bgp {
        group AS_2 {
            type external;
            peer-as 2;
            neighbor x.x.x.x {
                authentication-algorithm hmac-sha-1-96;
                authentication-key-chain BGP_KEY;
            }
            neighbor x.x.x.x {
                authentication-algorithm hmac-sha-1-96;
                authentication-key-chain BGP_KEY;
            }
        }
    }
}

If there are BGP neighbors connecting to a peer AS of the alternate gateway service provider, this is a finding.
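The check above can be automated against saved configuration text. The following script is an added example and is not part of the STIG or of STIGQter: it parses the curly-brace format that `show configuration` produces, lists every BGP neighbor with its effective peer AS (a neighbor-level `peer-as` overrides the group-level one, which a reading of only the group header would miss), and reports any neighbor whose AS is in an operator-supplied set of alternate gateway provider ASNs. The sample configuration, the neighbor addresses (RFC 5737 documentation range) and the AS 64500 used as the alternate provider's AS are all constructed for the example.

```python
"""Automated JUNI-RT-000290 check: flag BGP peers to an alternate gateway AS.

Added example, not part of the STIG or STIGQter. The parser, SAMPLE_CONFIG,
the neighbor addresses and ALT_PROVIDER_ASNS are all constructed.
"""
from typing import List, Optional, Set

# Constructed sample in the format of `show configuration`, modelled on the
# STIG check example. Neighbor 192.0.2.5 overrides the group-level peer-as.
SAMPLE_CONFIG = """
protocols {
    bgp {
        group AS_2 {
            type external;
            peer-as 2;
            neighbor 192.0.2.1 {
                authentication-algorithm hmac-sha-1-96;
                authentication-key-chain BGP_KEY;
            }
            neighbor 192.0.2.5 {
                peer-as 64500;
            }
        }
        group IBGP {
            type internal;
            neighbor 10.0.0.2;
        }
    }
}
"""

# Constructed: AS 64500 (private-use range) stands in for the alternate
# gateway service provider. Replace with the provider's real AS number(s).
ALT_PROVIDER_ASNS: Set[int] = {64500}


def parse_junos(text: str) -> dict:
    """Parse curly-brace Junos configuration text into nested dicts.

    Block headers (``name {``) map to a nested dict; leaf statements
    (``keyword value;``) map to None. Raises ValueError on unbalanced braces.
    """
    root: dict = {}
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            child: dict = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {lineno}: unmatched '}}'")
            stack.pop()
        elif line.endswith(";"):
            stack[-1][line[:-1].strip()] = None
        else:
            raise ValueError(f"line {lineno}: unrecognised statement {raw!r}")
    if len(stack) != 1:
        raise ValueError("configuration ends with an unclosed block")
    return root


def _leaf_value(body: dict, keyword: str) -> Optional[str]:
    """Return the argument of a ``keyword value;`` statement in a block."""
    for stmt in body:
        parts = stmt.split(None, 1)
        if parts[0] == keyword and len(parts) == 2:
            return parts[1]
    return None


def bgp_peers(tree: dict) -> List[dict]:
    """Every BGP neighbor with its group, session type and effective peer AS."""
    bgp = (tree.get("protocols") or {}).get("bgp") or {}
    peers = []
    for header, body in bgp.items():
        if not header.startswith("group "):
            continue
        body = body or {}
        group_type = _leaf_value(body, "type")
        group_as = _leaf_value(body, "peer-as")
        for stmt, nb_body in body.items():
            if not stmt.startswith("neighbor "):
                continue
            peers.append({
                "group": header.split(None, 1)[1],
                "neighbor": stmt.split(None, 1)[1],
                "type": group_type,
                # neighbor-level peer-as takes precedence over the group's
                "peer_as": _leaf_value(nb_body or {}, "peer-as") or group_as,
            })
    return peers


def find_findings(tree: dict, alternate_gateway_asns: Set[int]) -> List[dict]:
    """Peers whose effective peer AS belongs to the alternate gateway provider."""
    forbidden = {str(asn) for asn in alternate_gateway_asns}
    return [p for p in bgp_peers(tree) if p["peer_as"] in forbidden]


if __name__ == "__main__":
    findings = find_findings(parse_junos(SAMPLE_CONFIG), ALT_PROVIDER_ASNS)
    for p in findings:
        print(f"FINDING: group {p['group']} neighbor {p['neighbor']} "
              f"peer-as {p['peer_as']}")
    if not findings:
        print("No BGP peers to the alternate gateway provider: not a finding.")
```

Run it against the output of `show configuration` saved from the perimeter router, with `ALT_PROVIDER_ASNS` set to the alternate gateway provider's AS number(s). The script decides only on AS number, so the provider's ASNs must be known and maintained by the reviewer; it does not attempt to infer who an AS belongs to.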

Vulnerability Number

V-217034

Documentable

False

Rule Version

JUNI-RT-000290

Severity Override Guidance

Check Content Reference

M

Target Key

4032

Comments