The Juniper SRX Services Gateway must implement service redundancy to protect against or limit the effects of common types of Denial of Service (DoS) attacks on the device itself.
An XCCDF Rule
Description
<VulnDiscussion>Service redundancy, may reduce the susceptibility to some DoS attacks. Organizations must consider the need for service redundancy in accordance with DoD policy. If service redundancy is required then this technical control is applicable. The Juniper SRX can configure your system to monitor the health of the interfaces belonging to a redundancy group.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-223235r513394_rule
- Severity
- Low
- References
- Updated
Remediation - Manual Procedure
Interfaces can be monitored by a redundancy group for automatic failover to another node. Assign a weight to the interface to be monitored.
This configuration is an extremely complex configuration. Consult the vendor documentation.
Set the chassis cluster node ID and cluster ID.
Configure the chassis cluster management interface.