Details
Configure a Loopback address.
Rationale:
When a router needs to initiate connections to remote hosts, for example for SYSLOG or NTP, it will use the nearest interface for the packet's source address. Because the source address can therefore vary, packets may be denied by intervening firewalls or handled incorrectly by the receiving host.
To prevent these problems, the router should be configured with a Loopback interface, and any services should be bound to this address.
Solution
To create a loopback interface enter the following command from the [edit interfaces] hierarchy:
[edit interfaces]
user@host# set lo0 unit 0 family inet address <ip-address>
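An added example, not part of the benchmark text: a Python check over `show configuration | display set` output that verifies lo0 has an address and that SYSLOG and NTP, where configured, use it as their `source-address`. The sample configurations and their RFC 5737 documentation addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input: `show configuration | display set` excerpts.
# Addresses are documentation ranges (RFC 5737), not from the benchmark.
COMPLIANT = """\
set interfaces lo0 unit 0 family inet address 192.0.2.1/32
set system syslog host 198.51.100.10 any notice
set system syslog source-address 192.0.2.1
set system ntp server 198.51.100.20
set system ntp source-address 192.0.2.1
"""
UNBOUND = """\
set interfaces lo0 unit 0 family inet address 192.0.2.1/32
set system syslog host 198.51.100.10 any notice
set system ntp server 198.51.100.20
set system ntp source-address 203.0.113.5
"""

LO0_RE = re.compile(r"^set interfaces lo0 unit 0 family inet address (\S+)", re.M)
SERVICES = {"syslog": "host", "ntp": "server"}  # service -> keyword that shows it is in use


def loopback_addresses(config):
    """Return the IPv4 addresses configured on lo0 unit 0."""
    return {str(ipaddress.ip_interface(a).ip) for a in LO0_RE.findall(config)}


def audit(config):
    """Return a list of findings; an empty list means the check passes."""
    lo0 = loopback_addresses(config)
    if not lo0:
        return ["lo0 unit 0 has no inet address"]
    findings = []
    for service, keyword in SERVICES.items():
        if not re.search(rf"^set system {service} {keyword} ", config, re.M):
            continue  # service not configured, nothing to bind
        src = re.findall(rf"^set system {service} source-address (\S+)", config, re.M)
        if not src:
            findings.append(f"{service}: no source-address, outgoing interface address is used")
        elif src[-1] not in lo0:
            findings.append(f"{service}: source-address {src[-1]} is not a lo0 address")
    return findings


if __name__ == "__main__":
    for name, cfg in (("COMPLIANT", COMPLIANT), ("UNBOUND", UNBOUND)):
        print(name, audit(cfg) or "pass")
```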
Default Value:
No Loopback Address is configured by default.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Juniper.