Appendix B: Configuration for Common Criteria EAL2
PROPER STEPS TO SECURE A NETSCREEN DEVICE FOR COMMON CRITERIA EAL2 COMPLIANCE
To configure a NetScreen device to operate securely, and in conformance with the
requirements outlined in NetScreen’s Security Target for Common Criteria EAL2, the
following actions must be taken:
• You must configure a Syslog server as a backup for security audit information,
and for long-term audit log information storage. This will help prevent a loss in
security audit information. See Chapter 2, “Monitoring NetScreen Devices,” in
Volume 3 of the NetScreen Concepts & Examples manual for more information
on how to set up and configure a Syslog server to work with NetScreen devices.
The specific commands required to set up a Syslog server are listed below:
    set syslog config ip_address security_facility local_facility
    set syslog enable
    set syslog traffic
    set log module system level level destination syslog
• There are cases where more auditable events can occur than the NetScreen
device is able to write to a syslog server. To be compliant with Common Criteria
requirements, the NetScreen device must stop further auditable events from
occurring until the audit trail is able to handle more traffic. An authorized
administrator must enable the following command:
    set log audit-loss-mitigation
• The NetScreen-5XP and NetScreen-5XT have a default policy that allows traffic
to traverse the device from the interface in the Trust zone to the interface in the
Untrust zone. You must delete this default policy to avoid inadvertently
allowing information to traverse the device. See the policy commands in the
NetScreen CLI Reference Guide for more information on how to set and unset
policies.
Note: The set syslog config command requires that you define the security
facility and local facility. See the syslog command in the NetScreen CLI
Reference Guide for a complete list of options for security_facility and
local_facility.
Note: You must enter the set log command once for each message level. The
options for level are listed below:
    emergency
    alert
    critical
    error
    warning
    notification
    information
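
The following check is an added example, not part of the NetScreen documentation: it reads a saved configuration as text and reports which of the logging commands listed above are not in effect, including a missing set log line for any of the listed levels. The function name, the sample address and the facility values are assumptions made for illustration, and the default Trust-to-Untrust policy is not checked.

```python
# Added example: checks a saved configuration for the logging commands above.
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notification", "information"]  # as listed on this page

# Each entry is the text that follows "set" in a required command.
REQUIRED = ["syslog config", "syslog enable", "syslog traffic",
            "log audit-loss-mitigation"] + [
    f"log module system level {lvl} destination syslog" for lvl in LEVELS]


def missing_commands(config_text):
    """Return the required commands that are not in effect in config_text."""
    active = set()
    for line in config_text.splitlines():
        words = line.split()
        if len(words) < 2 or words[0] not in ("set", "unset"):
            continue
        args, complete = words[1:], True
        if args[:2] == ["syslog", "config"]:
            # Needs ip_address, security_facility and local_facility.
            complete, args = len(args) == 5, args[:2]
        key = " ".join(args)
        if words[0] == "unset":
            active.discard(key)  # assumption: unset repeats the set's words
        elif complete:
            active.add(key)
    return [cmd for cmd in REQUIRED if cmd not in active]


# Constructed sample; the address and facility values are placeholders.
SAMPLE = """\
set syslog config 192.0.2.10 local0 local0
set syslog enable
set log module system level emergency destination syslog
set log module system level alert destination syslog
set log module system level critical destination syslog
set log audit-loss-mitigation
"""

if __name__ == "__main__":
    for cmd in missing_commands(SAMPLE):
        print("missing: set", cmd)
```

On the constructed sample the check reports set syslog traffic and the four levels that have no set log line.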