
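Juniper SRX Firewall NAT Configuration

Published: 2020-07-17 13:21:58 Source: Internet Views: 3409 Author: do_networking Category: Security Technology

I. Basic operations

1. Restore the device to factory defaults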

root# load factory-default

root# set system root-authentication plain-text-password

root# commit

root> request system reboot

2. Basic configuration

2.1 Configure the hostname

root# set system host-name SRX1400

2.2 Set the time zone

root@SRX1400# set system time-zone Asia/Shanghai

2.3 Set the time

root@SRX1400# run set date 201508011549.21

2.4 Set DNS

root@SRX1400# set system name-server 202.106.0.20

2.5 Set the interface IP

root@SRX1400# set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.10/24

2.6 Set the default route

root@SRX1400# set routing-options static route 0.0.0.0/0 next-hop 10.0.0.254

2.7 Create a login user

root@SRX1400# set system login user admin class super-user authentication plain-text-password

2.8 Create a security zone

root@SRX1400# set security zones security-zone untrust

2.9 Add the interface to the zone

root@SRX1400# set security zones security-zone untrust interfaces ge-0/0/0.0

2.10 Allow ICMP on the service port

root@SRX1400# set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping

Note: by default, service ports other than the management port do not answer ping; ICMP has to be allowed explicitly.

II. Juniper SRX NAT

1. NAT types

1.1 source nat: interface

1.2 source nat: pool

1.3 destination nat

1.4 static nat

2. Configuration examples

2.1 Interface-based source NAT

root@SRX1400# set security nat source rule-set 1 from zone trust

root@SRX1400# set security nat source rule-set 1 to zone untrust

root@SRX1400# set security nat source rule-set 1 rule rule1 match source-address 0.0.0.0/0 destination-address 0.0.0.0/0

root@SRX1400# set security nat source rule-set 1 rule rule1 then source-nat interface

Default policy:

policy default-permit {

   match {

       source-address any;

       destination-address any;

       application any;

    }

   then {

       permit;

    }

}

2.2 Address-pool-based source NAT

root@SRX1400# set security nat source pool isp address 10.0.0.20 to 10.0.0.30

root@SRX1400# set security nat source rule-set 1 from zone trust

root@SRX1400# set security nat source rule-set 1 to zone untrust

root@SRX1400# set security nat source rule-set 1 rule rule1 match source-address 0.0.0.0/0 destination-address 0.0.0.0/0

root@SRX1400# set security nat source rule-set 1 rule rule1 then source-nat pool isp

root@SRX1400# set security nat proxy-arp interface ge-0/0/0.0 address 10.0.0.20 to 10.0.0.30

2.3 Destination NAT configuration

root@SRX1400# set security nat destination pool dst-nat-pool-1 address 172.16.1.1/32 port 80

root@SRX1400# set security nat destination rule-set rs1 from zone untrust

root@SRX1400# set security nat destination rule-set rs1 rule 1 match destination-address 10.0.0.100/32

root@SRX1400# set security nat destination rule-set rs1 rule 1 then destination-nat pool dst-nat-pool-1

root@SRX1400# set security nat proxy-arp interface ge-0/0/0.0 address 10.0.0.100/32

root@SRX1400# set security address-book global address web 172.16.1.1/32

root@SRX1400# set security policies from-zone untrust to-zone trust policy web match source-address any

root@SRX1400# set security policies from-zone untrust to-zone trust policy web match destination-address web application any

root@SRX1400# set security policies from-zone untrust to-zone trust policy web then permit

root@SRX1400# insert security policies from-zone untrust to-zone trust policy web before policy default-deny

2.4 Static NAT configuration

root@SRX1400# set security nat static rule-set rs1 from zone untrust

root@SRX1400# set security nat static rule-set rs1 rule r1 match destination-address 10.0.0.100/32

root@SRX1400# set security nat static rule-set rs1 rule r1 then static-nat prefix 172.16.1.1/32

root@SRX1400# set security nat proxy-arp interface ge-0/0/0.0 address 10.0.0.100/32

root@SRX1400# set security address-book global address web 172.16.1.1/32

root@SRX1400# set security policies from-zone untrust to-zone trust policy web match source-address any destination-address web application any

root@SRX1400# set security policies from-zone untrust to-zone trust policy web then permit

root@SRX1400# insert security policies from-zone untrust to-zone trust policy web before policy default-deny
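
The rules in 2.1 to 2.4 match 0.0.0.0/0 and application any; because the static NAT rule in 2.4 translates every port to 172.16.1.1, the security policy is the only filter in front of that server. The following is an added example, not part of the original article, that narrows both matches and then verifies the result; the trust subnet 172.16.1.0/24 is an assumption inferred from the server address.

```junos
# Added example. Assumption: the trust-side subnet is 172.16.1.0/24.

# 1. Source NAT: translate only the internal subnet, not every source
root@SRX1400# delete security nat source rule-set 1 rule rule1 match source-address 0.0.0.0/0
root@SRX1400# set security nat source rule-set 1 rule rule1 match source-address 172.16.1.0/24

# 2. Inbound policy "web": permit HTTP only instead of application any,
#    and log permitted sessions when they close (log destination not shown)
root@SRX1400# delete security policies from-zone untrust to-zone trust policy web match application any
root@SRX1400# set security policies from-zone untrust to-zone trust policy web match application junos-http
root@SRX1400# set security policies from-zone untrust to-zone trust policy web then log session-close

# 3. Validate, then commit with automatic rollback after 5 minutes
#    in case the change cuts off management access
root@SRX1400# commit check
root@SRX1400# commit confirmed 5
# A second commit within the window makes the change permanent
root@SRX1400# commit

# 4. Verify which NAT rules exist and whether they are being hit
root@SRX1400> show security nat source rule all
root@SRX1400> show security nat destination rule all
root@SRX1400> show security nat static rule all

# 5. Verify which policy is matching and what sessions reach the public address
root@SRX1400> show security policies hit-count
root@SRX1400> show security flow session destination-prefix 10.0.0.100/32
```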

