STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 12 Feb 2021

The Juniper multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing.

DISA Rule

SV-217082r639663_rule

Vulnerability Number

V-217082

Group Title

SRG-NET-000019-RTR-000003

Rule Version

JUNI-RT-000780

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Document all enabled interfaces for PIM in the network's multicast topology diagram. Disable support for PIM on interfaces that are not required to support it.

[edit protocols pim]
delete interface ge-2/1/1.0

Check Contents

Review the network's multicast topology diagram.

Review the router configuration to verify that only the PIM interfaces as shown in the multicast topology diagram are enabled for PIM.

protocols {
    pim {
        interface ge-1/0/1.0 {
            mode sparse;
        }
        interface ge-1/1/1.0 {
            mode sparse;
        }
        interface ge-2/1/0.0 {
            mode sparse;
        }
        interface ge-2/1/1.0 {
            mode sparse;
        }
    }
}

If an interface is not required to support multicast routing and it is enabled, this is a finding.
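
The check above can be scripted as a comparison between the PIM stanza and the documented interface list. This is an added example, not part of the STIG: the function names, the approved list, and the fxp0.0 stanza with "disable" are assumptions constructed for illustration.

```python
import re

def pim_interfaces(config):
    """Map each interface under protocols > pim to True (enabled) or False."""
    path, found = [], {}
    for m in re.finditer(r"([^{};]+)\{|([^{};]+);|\}", config):
        opened, stmt = m.group(1), m.group(2)
        if opened is not None:                       # "name {" opens a stanza
            path.append(" ".join(opened.split()))
            if (path[:2] == ["protocols", "pim"] and len(path) == 3
                    and path[2].startswith("interface ")):
                found[path[2].split()[1]] = True
        elif stmt is not None:                       # "statement;"
            words = stmt.split()
            if path[:2] != ["protocols", "pim"] or not words:
                continue
            if len(path) == 2 and words[0] == "interface" and len(words) > 1:
                found[words[1]] = True               # bare "interface X;" form
            elif len(path) == 3 and words == ["disable"]:
                found[path[2].split()[1]] = False    # PIM explicitly disabled
        elif path:                                   # "}" closes a stanza
            path.pop()
    return found

def audit(config, approved):
    """Compare PIM-enabled interfaces with the topology diagram's list."""
    enabled = {i for i, on in pim_interfaces(config).items() if on}
    # "interface all" shows up as "all" and is reported unless approved.
    return {"finding": sorted(enabled - approved),
            "missing": sorted(approved - enabled)}

# Constructed sample: the page's configuration plus a disabled fxp0.0 stanza.
SAMPLE = """
protocols {
    pim {
        interface ge-1/0/1.0 { mode sparse; }
        interface ge-1/1/1.0 { mode sparse; }
        interface ge-2/1/0.0 { mode sparse; }
        interface ge-2/1/1.0 { mode sparse; }
        interface fxp0.0 { disable; }
    }
}
"""
# Assumed contents of the multicast topology diagram.
APPROVED = {"ge-1/0/1.0", "ge-1/1/1.0", "ge-2/1/0.0"}

if __name__ == "__main__":
    print(audit(SAMPLE, APPROVED))
```

Any interface listed under "finding" is enabled for PIM but absent from the documented list; "missing" flags documented interfaces that no longer run PIM, which usually means the diagram is stale.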

Documentable

False

Check Content Reference

M

Target Key

4032

Comments