Aaron writes: >I'm new to Juniper. and I'm looking to protect ssh/telnet on all interfaces >on my juniper ACX5048's.
First comment is: if you want security, don't allow telnet. Force the use of ssh. Me, I don't even like allowing passwords. JUNOS now supports the "system services ssh no-passwords" knob to force the use of ssh keys over text passwords. And your radius server will happily serve ssh keys. Force the move away from passwords. The "lo0" filter covers traffic to the routing engine. Any filter applied to lo0 will block/allow only that traffic. More generally, take a look at the "secure junos template" from Team Cymru: http://www.team-cymru.org/templates.html Thanks, Phil _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp