Common Juniper SRX firewall configuration

Life  Updated: 2024-08-16 12:33:16

What does a common Juniper SRX firewall configuration look like? Today we go through the usual settings, starting with the hostname, one step at a time.

Common Juniper SRX firewall configuration (basic configuration of the SRX550 firewall)

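1. Management configuration

1.1 Hostname

root@SRX550# set system host-name SRX550

1.2 Set the time zone

root@SRX550# set system time-zone Asia/Shanghai

1.3 Enable remote management services

root@SRX550# set system services ssh
root@SRX550# set system services telnet

Note: Telnet carries logins in cleartext; SSH alone is enough for remote CLI access.

1.4 Enable web management and allow it on interface ge-0/0/1

root@SRX550# set system services web-management https system-generated-certificate
root@SRX550# set system services web-management https interface ge-0/0/1.0

1.5 Configure an SNMP read-write community string

root@SRX550# set snmp community xmcyy authorization read-write

Note: a read-write community allows changes to the device over SNMP; use read-only where the community is needed only for monitoring.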


2. User configuration

2.1 Set the root password; on a new device this must be the first step

root@SRX550# set system root-authentication plain-text-password

2.2 Create the user admin with super-user (administrator) privileges

root@SRX550# set system login user admin uid 2000
root@SRX550# set system login user admin class super-user


3. Interface configuration

3.1 Configure the layer 3 interfaces

root@SRX550# set interfaces ge-0/0/0 unit 0 family inet address 110.250.250.2/24
root@SRX550# set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24

3.2 Add port 1 to the trust zone

root@SRX550# set security zones security-zone trust interfaces ge-0/0/1.0

3.3 Add port 0 to the untrust zone

root@SRX550# set security zones security-zone untrust interfaces ge-0/0/0.0


4. Routing configuration

4.1 Default route

root@SRX550# set routing-options static route 0.0.0.0/0 next-hop 110.250.250.1

4.2 Static route

root@SRX550# set routing-options static route 172.16.0.0/24 next-hop 192.168.1.254


5. Policy configuration

5.1 Create the port group (application) Service_1433 and its port:

root@SRX550# set applications application Service_1433 term Service_1433 protocol tcp
root@SRX550# set applications application Service_1433 term Service_1433 source-port 0-65535
root@SRX550# set applications application Service_1433 term Service_1433 destination-port 1433-1433

5.2 Create the application set Service_allow and add Service_1433 to it:

root@SRX550# set applications application-set Service_allow application Service_1433

5.3 Create the address entries

root@SRX550# set security zones security-zone trust address-book address 172.16.0.0/24 172.16.0.0/24
root@SRX550# set security zones security-zone trust address-book address 172.16.0.253/32 172.16.0.253/32

5.4 Create the address set neiwang_allow and add to it the addresses that are allowed to reach the external network

root@SRX550# set security zones security-zone trust address-book address-set neiwang_allow address 172.16.0.0/24

5.5 Create the inter-zone policy from trust to untrust

root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match source-address neiwang_allow
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match destination-address any
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match application any
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 then permit

5.6 Create the inter-zone policy from untrust to trust, allowing access to port 1433 on the internal host 172.16.0.253. The destination-address is the name of the address-book entry created in 5.3 (172.16.0.253/32).

root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match source-address any
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match destination-address 172.16.0.253/32
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match application Service_allow
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 then permit
