STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated just now
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to RUCKUS ICX Router Security Technical Implementation Guide

V-273586

CAT I (High)

The RUCKUS ICX perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider.

Rule ID

SV-273586r1111032_rule

STIG

RUCKUS ICX Router Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001414

Discussion

ISPs use BGP to share route information with other autonomous systems (i.e., other ISPs and corporate networks). If the perimeter router was configured to BGP peer with an ISP, NIPRNet routes could be advertised to the ISP, thereby creating a backdoor connection from the internet to the NIPRNet.

Check Content

This requirement is not applicable for the DODIN Backbone.

Determine the IP address of the alternate gateway service provider and confirm that the ICX is not configured with that address as a BGP peer.  

If the ICX is configured with the alternate gateway service provider IP address as a BGP peer, this is a finding.

Fix Text

This requirement is not applicable for the DODIN Backbone. 

Delete the BGP peer statement to the alternate gateway service provider:
ICX(config)# router bgp
ICX(config-bgp-router)# no neighbor x.x.x.x remote-as yyyy

If necessary, configure a default route to the alternate gateway service provider:
ICX(config)# ip route 0.0.0.0/0 x.x.x.x