[j-nsp] RE filter BCP
Jason Lixfeld
jason-jnsp at lixfeld.ca
Thu Jan 3 13:53:11 EST 2019
Hi all,
Would the Day-Zero Hardening JunOS, 2nd Edition publication be the defecto BCP for RE filter hardening?
I’ve noticed that publication is a little more liberal in it's RE filtering suggestions vs. say, Juniper MX Series, O’Reilly.
Having dug through both, the Juniper guide seems more platform agnostic, which probably contributes to why it’s more liberal (variations in cross-platform feature support).
Of course, the O’Reilly guide is MX specific so you can’t really take a template and drop it onto a QFX. However, if the day-zero guide provides practices that are suitable enough to use on an MX running as an Internet border router, how fair is it to say that the same template could be used for some other JunOS device that was acting as a customer ethernet access device, for example.
Thanks!
More information about the juniper-nsp
mailing list