[j-nsp] Secure Junos template
Goldschmidt, Bernd
bernd.goldschmidt at siemens.com
Wed Apr 26 04:20:49 EDT 2006
Hi Ian,
It is enough to set the firewall filter only on the loopback interface.
http://www.juniper.net/solutions/literature/app_note/350013.pdf
"To protect the Routing Engine, a firewall filter needs to be applied only to the router's loopback
interface. Adding or modifying filters for every interface on the router is not necessary, which is a
significant departure from equivalent procedures on legacy routers."
Yes, it protects the whole router and you can ssh to all local interface addresses.
Regards
Bernd.
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Ian
> MacKinnon
> Sent: Wednesday, April 26, 2006 9:29 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Secure Junos template
>
> Hi All,
>
> I am looking at the secure Junos template from
> http://www.cymru.com/gillsr/documents/junos-template.pdf
>
> In particular the router-protect term, it is allowing ssh from some
> secure networks and denying it from all others. That I understand.
> However it is only applied to the loopback interface, does this protect
> the whole router? Can you still ssh to interface IP addresses directly?
>
>
> --
> Ian MacKinnon
>
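The arrangement discussed in this thread, as an added Junos configuration example that is not taken from the Cymru template, the Juniper application note, or either poster: an input filter on `lo0` that accepts ssh from a trusted prefix list and discards it from everywhere else. The filter name `protect-re`, the term names, the prefix list `trusted-mgmt` and the 192.0.2.0/24 network are assumptions chosen for illustration.

```junos
/* Added example. Filter, term and prefix-list names are hypothetical. */
/* 192.0.2.0/24 is a constructed sample management network. */
policy-options {
    prefix-list trusted-mgmt {
        192.0.2.0/24;
    }
}
firewall {
    family inet {
        filter protect-re {
            /* ssh to any local address is accepted from trusted sources */
            term ssh-from-trusted {
                from {
                    source-prefix-list {
                        trusted-mgmt;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            /* ssh from every other source is logged and dropped */
            term ssh-from-others {
                from {
                    protocol tcp;
                    destination-port ssh;
                }
                then {
                    log;
                    discard;
                }
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    /* applied once here, it covers traffic to the Routing Engine */
                    input protect-re;
                }
            }
        }
    }
}
```

A Junos filter ends with an implicit discard, so a production version of this filter also needs accept terms for the routing protocols and management services the Routing Engine must receive. Transit traffic forwarded through the router is not evaluated by the `lo0` filter.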