STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

The Juniper SRX Services Gateway must implement service redundancy to protect against or limit the effects of common types of Denial of Service (DoS) attacks on the device itself.

DISA Rule

SV-223235r513394_rule

Vulnerability Number

V-223235

Group Title

SRG-APP-000435-NDM-000315

Rule Version

JUSX-DM-000164

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Interfaces can be monitored by a redundancy group for automatic failover to another node. Assign a weight to the interface to be monitored.

This is an extremely complex configuration. Consult the vendor documentation.

Set the chassis cluster node ID and cluster ID.
Configure the chassis cluster management interface.
Configure the chassis cluster fabric.
Configure the chassis cluster redundancy group.
Specify the interface to be monitored by a redundancy group.

Example:
[edit]
set chassis cluster redundancy-group 1 interface-monitor ge-6/0/2 weight 255

Check Contents

If service redundancy is not required by the organization's policy, this is not a finding.

Verify the configuration is working properly:

[edit]
show chassis cluster interfaces

If service redundancy is not configured, this is a finding.
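
An offline complement to the check above, added here as an example and not part of the STIG: a Python audit of set-format configuration (as produced by `show configuration | display set`) that lists the `interface-monitor` statements of each redundancy group. The function name, the sample configuration, the threshold of 255 (the Junos default redundancy-group threshold) and the reading of "not configured" as "no interface is monitored" are assumptions of this example.

```python
import re
from collections import defaultdict

# Matches the statement form shown in the Fix Recommendation.
MONITOR_RE = re.compile(
    r"^set chassis cluster redundancy-group (\d+) "
    r"interface-monitor (\S+) weight (\d+)$"
)
GROUP_RE = re.compile(r"^set chassis cluster redundancy-group (\d+)\b")
# Assumption: Junos default redundancy-group threshold; a group fails over
# once the weights of its failed monitored interfaces add up to this value.
FAILOVER_THRESHOLD = 255


def audit_interface_monitoring(set_config: str) -> dict:
    """Summarise interface monitoring per redundancy group (set-format input)."""
    groups = defaultdict(dict)  # group id -> {interface: weight}
    for raw in set_config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        g = GROUP_RE.match(line)
        if not g:
            continue
        monitors = groups[int(g.group(1))]  # record the group even if unmonitored
        m = MONITOR_RE.match(line)
        if m:
            monitors[m.group(2)] = int(m.group(3))
    report = {}
    for gid, monitors in sorted(groups.items()):
        report[gid] = {
            "monitors": dict(monitors),
            # True when the monitored weights can add up to the threshold.
            "weight_reaches_threshold": sum(monitors.values()) >= FAILOVER_THRESHOLD,
        }
    # Assumed reading of the check: a finding when no group monitors an interface.
    finding = not any(r["monitors"] for r in report.values())
    return {"groups": report, "finding": finding}


# Constructed sample input, not taken from a real device.
SAMPLE = """\
set chassis cluster redundancy-group 0 node 0 priority 100
set chassis cluster redundancy-group 1 node 0 priority 100
set chassis cluster redundancy-group 1 interface-monitor ge-6/0/2 weight 255
set chassis cluster redundancy-group 2 interface-monitor ge-0/0/3 weight 100
"""

if __name__ == "__main__":
    for gid, info in audit_interface_monitoring(SAMPLE)["groups"].items():
        print(gid, info)
```

A group whose monitored weights stay below the threshold is reported separately because losing those interfaces alone would not trigger failover.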

Documentable

False

Severity Override Guidance

If service redundancy is not required by the organization's policy, this is not a finding.

Verify the configuration is working properly:

[edit]
show chassis cluster interfaces

If service redundancy is not configured, this is a finding.

Check Content Reference

M

Target Key

4098
