Hello Folks,
I found your mail on the Juniper platform and thank you for all your help and support, which helps us progress.
I have a concern; I am not sure this is the appropriate means of contact, and if not, my apologies in advance.
I have two Juniper SRX345s in a cluster with two different IPs.
One acts as node 0 with IP 10.x.x.61
and node 1 with IP 10.x.x.62.
After a Nessus scan we noticed the device responds to the NTP mode 6 query (the "NTP mode 6 query" vulnerability).
I therefore tried to use a firewall filter to block the NTP packets in order to fix the issue, using the commands below:
set groups node0 system ntp server 172.x.x.1 prefer
set groups node0 system ntp server 172.x.x.10
set groups node1 system ntp server 172.x.x.10
set groups node1 system ntp server 172.20.30.1 prefer
set firewall family inet filter ACL-Admin term NTP from source-address 172.x.x.1/32
set firewall family inet filter ACL-Admin term NTP from source-address 172.x.x.10/32
set firewall family inet filter ACL-Admin term NTP from destination-address 10.x.x.62/32
set firewall family inet filter ACL-Admin term NTP from protocol udp
set firewall family inet filter ACL-Admin term NTP from destination-port ntp
set firewall family inet filter ACL-Admin term NTP then accept
set firewall family inet filter ACL-Admin term NTP_BLOCK from source-address 0.0.0.0/0
set firewall family inet filter ACL-Admin term NTP_BLOCK from protocol udp
set firewall family inet filter ACL-Admin term NTP_BLOCK from destination-port ntp
set firewall family inet filter ACL-Admin term NTP_BLOCK then discard
set firewall family inet filter ACL-Admin term default then accept
Only it is not working after a rescan. What could be the problem? What is missing, or what must be removed from the above config?
I have the following issue with the EX4200:
set firewall family inet filter ACL-Admin term NTP from source-address 172.x.x.1/32
set firewall family inet filter ACL-Admin term NTP from source-address 172.x.x.10/32
set firewall family inet filter ACL-Admin term NTP from destination-address 10.x.x.5/32
set firewall family inet filter ACL-Admin term NTP from protocol udp
set firewall family inet filter ACL-Admin term NTP from destination-port ntp
set firewall family inet filter ACL-Admin term NTP then accept
set firewall family inet filter ACL-Admin term NTP_BLOCK from source-address 0.0.0.0/0
set firewall family inet filter ACL-Admin term NTP_BLOCK from protocol udp
set firewall family inet filter ACL-Admin term NTP_BLOCK from destination-port ntp
set firewall family inet filter ACL-Admin term NTP_BLOCK then discard
set firewall family inet filter ACL-Admin term default then accept
Any help or explanation is much appreciated!
------------------------------
DIEUDONNE LEUMALEU FEUDE
------------------------------
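The point a practitioner would check first on both the SRX345 cluster and the EX4200 above is whether the filter is actually applied to the Routing Engine: a `firewall family inet filter` only takes effect once it is referenced as an `input` filter on an interface, and traffic addressed to the device itself (including NTP queries from a scanner) is matched by the filter on `lo0`. Neither posted config shows an `interfaces lo0 ... filter input` statement. The second thing to check is that the `NTP` accept term covers every local address the NTP servers reply to; the SRX version only lists `10.x.x.62`, so once the filter is active, replies to node 0 at `10.x.x.61` would fall through to `NTP_BLOCK`. The fragment below is an added example written for this post, not the poster's config or Juniper's official guidance. It keeps the poster's filter name, the `x`-masked addresses exactly as posted, and assumes `lo0 unit 0` is the loopback unit in use; the `fxp0` lines for the cluster are an assumption for the case where `10.x.x.61`/`.62` are the per-node management addresses (verify with the counters before relying on them). The `#` lines are comments to strip before pasting into `load set terminal`.

```junos
# Allow NTP only from the two configured servers, to either node's address.
set firewall family inet filter ACL-Admin term NTP from source-address 172.x.x.1/32
set firewall family inet filter ACL-Admin term NTP from source-address 172.x.x.10/32
set firewall family inet filter ACL-Admin term NTP from destination-address 10.x.x.61/32
set firewall family inet filter ACL-Admin term NTP from destination-address 10.x.x.62/32
set firewall family inet filter ACL-Admin term NTP from protocol udp
set firewall family inet filter ACL-Admin term NTP from destination-port ntp
set firewall family inet filter ACL-Admin term NTP then accept

# Drop every other UDP/123 packet addressed to the box (this is what stops the
# mode 6 "readvar" queries the scanner sends). A counter is added so the rescan
# can be confirmed from the device side; source-address 0.0.0.0/0 is redundant.
set firewall family inet filter ACL-Admin term NTP_BLOCK from protocol udp
set firewall family inet filter ACL-Admin term NTP_BLOCK from destination-port ntp
set firewall family inet filter ACL-Admin term NTP_BLOCK then count NTP_BLOCK
set firewall family inet filter ACL-Admin term NTP_BLOCK then discard

# Terminal accept is required: an lo0 input filter with no final accept would
# also discard SSH, routing protocols and the cluster's own control traffic.
set firewall family inet filter ACL-Admin term default then accept

# The missing piece: bind the filter to the Routing Engine. In a chassis cluster
# lo0 is not node-specific, so one statement covers node 0 and node 1; on the
# EX4200 the same statement applies the filter to its own RE.
set interfaces lo0 unit 0 family inet filter input ACL-Admin

# Assumption: if 10.x.x.61/.62 are fxp0 management addresses on the cluster,
# apply the filter to each node's fxp0 as well and confirm with the counters.
set groups node0 interfaces fxp0 unit 0 family inet filter input ACL-Admin
set groups node1 interfaces fxp0 unit 0 family inet filter input ACL-Admin
```

After `commit`, `show firewall filter ACL-Admin` should show the `NTP_BLOCK` counter incrementing during the Nessus rescan while `show ntp associations` still lists `172.x.x.1` and `172.x.x.10` as reachable; if the servers drop out of sync, the `NTP` term is missing a source or destination address rather than the block being wrong. From any other host, `ntpq -c rv 10.x.x.61` should now time out instead of returning the variables list. On the SRX, NTP also has to be allowed by `host-inbound-traffic system-services` on the zone the scanner reaches; if it is not needed there at all, removing it is a simpler fix than filtering, but the `lo0` filter remains the right place to control what reaches the Routing Engine.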