Skip to content

Juniper SRX Services Gateway VPN Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • If IDPS inspection is performed separately from the Juniper SRX Services Gateway VPN device, the VPN must route sessions to an IDPS for inspection.

    <VulnDiscussion>Remote access devices, such as those providing remote access to network devices and information systems, which lack automated...
    Rule Medium Severity
  • SRG-NET-000512

    <GroupDescription></GroupDescription>
    Group
  • The Juniper SRX Services Gateway VPN must not accept certificates that have been revoked when using PKI for authentication.

    &lt;VulnDiscussion&gt;Situations may arise in which the certificate issued by a Certificate Authority (CA) may need to be revoked before the lifeti...
    Rule High Severity
  • SRG-NET-000512

    <GroupDescription></GroupDescription>
    Group
  • The Juniper SRX Services Gateway VPN must specify Perfect Forward Secrecy (PFS).

    &lt;VulnDiscussion&gt;PFS generates each new encryption key independently from the previous key. Without PFS, compromise of one key will compromise...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules