STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 12 Feb 2021

The Juniper PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces.

DISA Rule

SV-217077r639663_rule

Vulnerability Number

V-217077

Group Title

SRG-NET-000205-RTR-000008

Rule Version

JUNI-RT-000720

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure uRPF loose mode on all CE-facing interfaces as shown in the example.

[edit interfaces ge-0/1/0 unit 0 family inet]
set rpf-check mode loose

Check Contents

Review the router configuration to determine if uRPF loose mode is enabled on all CE-facing interfaces.

interfaces {
    ge-0/1/0 {
        description "link to Customer 2";
        unit 0 {
            family inet {
                rpf-check {
                    mode loose;
                }
                address x.x.x.x/30;
            }
        }
    }
}

If uRPF loose mode is not enabled on all CE-facing interfaces, this is a finding.
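
Added example (not part of the STIG or of any Juniper tooling): a Python check that parses brace-format Junos configuration text and reports CE-facing IPv4 units that lack rpf-check mode loose. It assumes the reviewer supplies the list of CE-facing interface names; the function names parse and urpf_findings, the interfaces ge-0/1/1 and ge-0/1/2, and the 192.0.2.x addresses are constructed for illustration.

```python
import re

# Constructed sample: ge-0/1/0 mirrors the STIG example, the rest is invented.
SAMPLE = """
interfaces {
    ge-0/1/0 { description "link to Customer 2";
        unit 0 { family inet { rpf-check { mode loose; } address 192.0.2.1/30; } } }
    ge-0/1/1 { unit 0 { family inet { rpf-check; address 192.0.2.5/30; } } }
    ge-0/1/2 { unit 0 { family inet { address 192.0.2.9/30; } } }
}
"""

def parse(text):
    """Parse brace-format Junos config into nested dicts; leaf statements map to True."""
    root = {}
    stack, words = [root], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok == "{":
            stack.append(stack[-1].setdefault(" ".join(words), {}))
            words = []
        elif tok == ";":
            stack[-1][" ".join(words)] = True
            words = []
        elif tok == "}":
            if len(stack) > 1:  # tolerate unbalanced braces in pasted snippets
                stack.pop()
        else:
            words.append(tok)
    return root

def urpf_findings(config_text, ce_interfaces):
    """Return {"interface.unit": reason} for CE-facing IPv4 units without uRPF loose mode."""
    interfaces = parse(config_text).get("interfaces", {})
    findings = {}
    for ifname in ce_interfaces:  # assumption: reviewer supplies the CE-facing list
        ifcfg = interfaces.get(ifname)
        if not isinstance(ifcfg, dict):
            findings[ifname] = "interface not in configuration"
            continue
        for key, unit in ifcfg.items():
            inet = unit.get("family inet") if isinstance(unit, dict) else None
            if not key.startswith("unit ") or not isinstance(inet, dict):
                continue  # only units with an IPv4 family block are checked
            rpf = inet.get("rpf-check")
            if rpf is None:
                findings[f"{ifname}.{key[5:]}"] = "rpf-check not configured"
            elif not (isinstance(rpf, dict) and "mode loose" in rpf):
                findings[f"{ifname}.{key[5:]}"] = "rpf-check enabled but not in loose mode"
    return findings
```

An empty result for the full CE-facing list corresponds to no finding under this rule; any entry identifies the interface unit to remediate.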

Documentable

False

Severity Override Guidance

Review the router configuration to determine if uRPF loose mode is enabled on all CE-facing interfaces.

interfaces {
    ge-0/1/0 {
        description "link to Customer 2";
        unit 0 {
            family inet {
                rpf-check {
                    mode loose;
                }
                address x.x.x.x/30;
            }
        }
    }
}

If uRPF loose mode is not enabled on all CE-facing interfaces, this is a finding.

Check Content Reference

M

Target Key

4032
