STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 12 Feb 2021

The Juniper perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces.

DISA Rule

SV-233292r639663_rule

Vulnerability Number

V-233292

Group Title

SRG-NET-000512-RTR-000014

Rule Version

JUNI-RT-000381

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove any external IPv6-enabled interfaces from the protocols router-advertisement hierarchy.

Check Contents

This requirement is not applicable for the DODIN Backbone.

Review the router configuration to verify that Router Advertisements are suppressed on all external IPv6-enabled interfaces as shown in the example below.

By default, router advertisements are disabled by Junos. Verify that there are no external-facing interfaces defined under the protocols router-advertisement hierarchy as shown in the example below.

protocols {
    router-advertisement {
        interface fe-0/1/0.0 {
            prefix 2001:1:123::/64;
        }
    }
}

If the router is not configured to suppress Router Advertisements on all external IPv6-enabled interfaces, this is a finding.
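One way to automate this check, as an added example that is not part of the STIG or of Juniper's tooling: the script walks a curly-brace Junos configuration and reports any external interface defined under the protocols router-advertisement hierarchy. The sample configuration, the interface ge-0/0/0.0, the EXTERNAL set and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample (not from a real device). Assumption: ge-0/0/0.0 is the
# external-facing interface; fe-0/1/0.0 is the internal one from the check text.
SAMPLE_CONFIG = """
protocols {
    router-advertisement {
        interface fe-0/1/0.0 {
            prefix 2001:1:123::/64;
        }
        interface ge-0/0/0.0 {
            prefix 2001:db8:ffff::/64;
        }
    }
    ospf3 {
        area 0.0.0.0 {
            interface ge-0/0/0.0;
        }
    }
}
"""
EXTERNAL = {"ge-0/0/0.0"}  # supplied by the reviewer from the site's topology

def ra_interfaces(config_text):
    """Interfaces defined directly under protocols router-advertisement."""
    path, found = [], []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop Junos '#' comments
        if line.endswith("{"):
            path.append(line[:-1].strip())
            stmt = path[2] if len(path) == 3 else ""
        elif line == "}":
            if path:
                path.pop()
            continue
        elif len(path) == 2:
            stmt = line.rstrip(";")  # leaf form: "interface ge-0/0/0.0;"
        else:
            continue
        # "inactive: ..." statements never match, so deactivated entries are ignored
        m = re.fullmatch(r"interface\s+(\S+)", stmt)
        if m and path[:2] == ["protocols", "router-advertisement"]:
            found.append(m.group(1))
    return found

def findings(config_text, external):
    """External interfaces that would send Router Advertisements (a finding)."""
    return [i for i in ra_interfaces(config_text) if i in external]

if __name__ == "__main__":
    print(findings(SAMPLE_CONFIG, EXTERNAL))
```

Feed it the output of `show configuration | display inheritance` so that interfaces inherited from configuration groups are also evaluated. An empty result means no external interface is listed under the hierarchy.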

Vulnerability Number

V-233292

Documentable

False

Rule Version

JUNI-RT-000381

Severity Override Guidance

This requirement is not applicable for the DODIN Backbone.

Review the router configuration to verify that Router Advertisements are suppressed on all external IPv6-enabled interfaces as shown in the example below.

By default, router advertisements are disabled by Junos. Verify that there are no external-facing interfaces defined under the protocols router-advertisement hierarchy as shown in the example below.

protocols {
    router-advertisement {
        interface fe-0/1/0.0 {
            prefix 2001:1:123::/64;
        }
    }
}

If the router is not configured to suppress Router Advertisements on all external IPv6-enabled interfaces, this is a finding.

Check Content Reference

M

Target Key

4032

Comments