For nonlocal maintenance sessions, the Juniper SRX Services Gateway must explicitly deny the use of J-Web.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
high	V-223237	SRG-APP-000142-NDM-000245	JUSX-DM-000167	SV-223237r1043177_rule	2024-12-20	3

Description
If unsecured functions (lacking FIPS-validated cryptographic mechanisms) are used for management sessions, the contents of those sessions are susceptible to manipulation, potentially allowing alteration and hijacking. J-Web (configured using the system services web-management option) does not meet the DoD requirement for management tools. It also does not work with all Juniper SRX hardware. By default, the web interface is disabled; however, it is easily enabled.

Description

If unsecured functions (lacking FIPS-validated cryptographic mechanisms) are used for management sessions, the contents of those sessions are susceptible to manipulation, potentially allowing alteration and hijacking. J-Web (configured using the system services web-management option) does not meet the DoD requirement for management tools. It also does not work with all Juniper SRX hardware. By default, the web interface is disabled; however, it is easily enabled.

ℹ️ Check
Verify web-management is not enabled. [edit] show system services web-management If a stanza exists that configures web-management service options, this is a finding.

✔️ Fix
Remove the web-management service. [edit] delete system services web-management