I'm going through the process of hardening the configurations for all of my SRX firewalls. I have enabled radius authentication with two factor so were tracking and authenticating before making any changes. I'm disabling remote root-login for my devices but that just brings me to some questions: Do you have local user-accounts that are enabled in the event that you lose communication with your radius servers and if so, do you have a password update frequency? Par t of my hardening is to prevent local account authorization unless radius is down, is that secure enough to allow the use of local logins?
------------------------------
Thomas Anderson
------------------------------