Firewall Filter - Protect the Routing Engine using a default deny firewall filter

Information

Finally, configure the default deny term to discard and log all traffic. The log option saves the packet header information in a buffer on the Packet Forwarding Engine (PFE) and the syslog option stores the packet header information on the Routing Engine.

Solution

Configure the firewall filter to deny all unknown traffic.

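user@host# edit firewall family inet filter <NAME>
user@host# set term default-deny then log
user@host# set term default-deny then syslog
user@host# set term default-deny then discard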
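
One way to check this item offline against saved "show configuration | display set" output. This is an added example, not code from the audit plugin or from Juniper; the function name, the filter name protect-re and the term names are hypothetical, and it assumes the order of terms in the output is the order in which they are evaluated.

```python
import re

# Lines as printed by "show configuration | display set"; a bare term has no from/then.
TERM_RE = re.compile(
    r"^set firewall family inet filter (\S+) term (\S+)(?: (from|then) (.+))?$")

def audit_default_deny(display_set, filter_name):
    """Return findings for the filter's final term; an empty list means it passes."""
    terms = {}  # dicts keep insertion order, assumed here to be term evaluation order
    for line in display_set.splitlines():
        m = TERM_RE.match(line.strip())
        if m and m.group(1) == filter_name:
            term = terms.setdefault(m.group(2), {"from": [], "then": []})
            if m.group(3):
                term[m.group(3)].append(m.group(4).strip())
    if not terms:
        return [f"filter {filter_name} not found or has no terms"]
    name, last = list(terms.items())[-1]
    findings = []
    if last["from"]:
        findings.append(f"final term {name} has match conditions, so it is not a catch-all")
    for action in ("discard", "log", "syslog"):
        if action not in last["then"]:
            findings.append(f"final term {name} is missing 'then {action}'")
    return findings

# Constructed sample configurations (filter and term names are hypothetical).
PREFIX = "set firewall family inet filter protect-re term "
ALLOW = (PREFIX + "allow-ssh from protocol tcp\n"
         + PREFIX + "allow-ssh from destination-port ssh\n"
         + PREFIX + "allow-ssh then accept\n")
GOOD = ALLOW + "".join(PREFIX + "default-deny then " + a + "\n"
                       for a in ("log", "syslog", "discard"))
NO_LOGGING = ALLOW + PREFIX + "default-deny then discard\n"  # discards silently
BARE_TERM = ALLOW + PREFIX + "default-deny\n"                # term with no actions
NO_DENY = ALLOW                                              # filter ends on a permit term

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("NO_LOGGING", NO_LOGGING),
                       ("BARE_TERM", BARE_TERM), ("NO_DENY", NO_DENY)):
        print(label, audit_default_deny(cfg, "protect-re") or "pass")
```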

See Also

http://www.juniper.net/us/en/training/jnbooks/day-one/fundamentals-series/hardening-junos-devices-checklist/

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(5)

Plugin: Juniper

Control ID: 51cbca71e11a9460f9345e987505db50ff75dd984484c04e9b2bb18f9f4f5c60