ScreenOS Firewalls (NOT SRX)
Contributor
iaminit
Posts: 14
Registered: ‎05-09-2008

disable the tftp service on the firewalls?

Is it possible to completely disable the TFTP service that runs on the NetScreen firewalls? We have a security compliance software application that runs against the firewalls, and always reports a vulnerability finding with TFTP service running. Curious as to whether it can be disabled or shut off altogether?
Distinguished Expert
firewall72
Posts: 825
Registered: ‎05-04-2008

Re: disable the tftp service on the firewalls?

Hi,

Juniper Firewalls don't typically run a TFTP service. I'm guessing you either have a MIP redirecting TFTP to another box running this service or maybe the wrong protocol is being reported. Are you sure it wasn't "Telnet" that is being reported? This provides management access, but doesn't encrypt the username and password. This is why SSH is recommended instead. You can remove this by editing the interface being audited and unchecking "telnet". I hope this helps.

-John

John Judge
JNCIS-SEC, JNCIS-ENT,

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.
Super Contributor
shashlik
Posts: 70
Registered: ‎02-20-2008

Re: disable the tftp service on the firewalls?

Juniper firewalls only have a TFTP client built in. No TFTP server.

Do you know how it's being determined that a TFTP server is open?

Regards,

 

Contributor
iaminit
Posts: 14
Registered: ‎05-09-2008

Re: disable the tftp service on the firewalls?

The infosec dept has some type of ISS scanner that sweeps/scans the firewall itself, and this is what it came back with. It scanned other SSGs of the same model and code, so I'm curious as to why it flagged TFTP as being a vulnerable service on this box.

Super Contributor
shashlik
Posts: 70
Registered: ‎02-20-2008

Re: disable the tftp service on the firewalls?

What platform and ScreenOS ver showed this issue?

Thanks,