
V-66015

CAT II (Medium)

If the loopback interface is used, the Juniper SRX Services Gateway must protect the loopback interface with firewall filters for known attacks that may exploit this interface.

Rule ID

SV-80505r1_rule

STIG

Juniper SRX SG NDM Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-000366

Discussion

The loopback interface is a logical interface and has no physical port. Since the interface and address ranges are well-known, this port must be filtered to protect the Juniper SRX from attacks.

Check Content

If the loopback interface is not used, this is not applicable.

Verify the loopback interface is protected by firewall filters.

[edit]
show interfaces lo0

If the loopback interface is not configured with IPv6 and IPv4 firewall filters, this is a finding.

Fix Text

If the loopback interface is used, configure firewall filters. The following is an example of configuring a loopback address with filters on the device. It shows the format of both IPv4 and IPv6 addresses being applied to the interface. The first two commands show firewall filters being applied to the interface.

[edit]
set interfaces lo0 unit 0 family inet filter input protect_re
set interfaces lo0 unit 0 family inet6 filter input protect_re-v6
set interfaces lo0 unit 0 family inet address 1.1.1.250/32
set interfaces lo0 unit 0 family inet6 address 2100::250/128
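
The Check Content test above can be run against a saved configuration. The following Python check is an added example, not part of the STIG or of any Juniper tooling; the function name and the sample configurations are constructed for illustration. It assumes the configuration was exported in `display set` format, treats lo0 as used only when a unit has `family inet` or `family inet6` configured, and counts only `filter input` or `filter input-list` as protection.

```python
import re

# Matches e.g. "set interfaces lo0 unit 0 family inet filter input protect_re"
LO0 = re.compile(r"^set interfaces lo0 unit (\d+) family (inet6?)\b(.*)$")
FILTER = re.compile(r"^\s+filter (input|input-list) (\S+)")

# Constructed sample: the Fix Text commands from this rule.
COMPLIANT = """\
set interfaces lo0 unit 0 family inet filter input protect_re
set interfaces lo0 unit 0 family inet6 filter input protect_re-v6
set interfaces lo0 unit 0 family inet address 1.1.1.250/32
set interfaces lo0 unit 0 family inet6 address 2100::250/128
"""
# Constructed sample: same config with the IPv6 filter line removed.
MISSING_V6 = "\n".join(
    line for line in COMPLIANT.splitlines() if "inet6 filter" not in line
)

def check_lo0_filters(config_text):
    """Evaluate V-66015 against set-format configuration text.

    Returns (status, details) where status is 'not_applicable' (lo0 has no
    inet/inet6 family configured), 'finding' (some lo0 unit lacks an IPv4
    or IPv6 input filter) or 'not_a_finding'.
    """
    units = {}  # unit number -> {"inet": [filter names], "inet6": [...]}
    for raw in config_text.splitlines():
        m = LO0.match(raw.strip())
        if not m:
            continue  # not an lo0 family statement
        unit, family, rest = m.groups()
        fams = units.setdefault(unit, {"inet": [], "inet6": []})
        f = FILTER.match(rest)
        if f:
            fams[family].append(f.group(2))
    if not units:
        return "not_applicable", []
    # The rule requires both IPv4 and IPv6 filters, so check both per unit.
    missing = [
        f"lo0.{unit} family {fam}: no input filter"
        for unit, fams in sorted(units.items())
        for fam in ("inet", "inet6")
        if not fams[fam]
    ]
    return ("finding" if missing else "not_a_finding"), missing
```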