The Juniper SRX Services Gateway must implement service redundancy to protect against or limit the effects of common types of Denial of Service (DoS) attacks on the device itself.

An XCCDF Rule

Description

<VulnDiscussion>Service redundancy, may reduce the susceptibility to some DoS attacks. Organizations must consider the need for service redundancy in accordance with DoD policy. If service redundancy is required then this technical control is applicable. The Juniper SRX can configure your system to monitor the health of the interfaces belonging to a redundancy group.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-223235r961620_rule
Severity: Low
References: CCI-002385
Updated: 17 days ago

Interfaces can be monitored by a redundancy group for automatic failover to another node. Assign a weight to the interface to be monitored.

This configuration is an extremely complex configuration. Consult the vendor documentation.

Set the chassis cluster node ID and cluster ID. 
Configure the chassis cluster management interface.Configure the chassis cluster fabric.
Configure the chassis cluster redundancy group 
Specify the interface to be monitored by a redundancy group. 

Specify the interface to be monitored by a redundancy group. Example:
[edit]
set chassis cluster redundancy-group 1 interface-monitor ge-6/0/2 weight 255

The Juniper SRX Services Gateway must implement service redundancy to protect against or limit the effects of common types of Denial of Service (DoS) attacks on the device itself.

Description

Remediation - Manual Procedure