溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
1.1 主機名
root@SRX550# set system host-name SRX5501.2 設置時區
root@SRX550# set system time-zone Asia/Shanghai1.3 開啟遠程服務
root@SRX550# set system services ssh
root@SRX550# set system services telnet1.4 開啟web管理并允許從0/0/1接口管理
root@SRX550# set system services web-management https system-generated-certificate
root@SRX550# set system services web-management https interface ge-0/0/1.01.5 配置SNMP讀寫團體字
root@SRX550# set snmp community xmcyy authorization read-write2.1 設置root密碼,新設備第一步必須先設置root密碼
root@SRX550#set system root-authentication plain-text-password2.2 設置用戶admin,權限超級級管理員
root@SRX550#set system login user admin uid 2000
root@SRX550#set system login user admin class super-user3.1 配置三層接口
root@SRX550# set interfaces ge-0/0/0 unit 0 family inet address 110.250.250.2/24
root@SRX550# set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/243.2 將1口加入trust域
root@SRX550# set security zones security-zone trust interfaces ge-0/0/1.03.3 將0口加入untrust域
root@SRX550# set security zones security-zone untrust interfaces ge-0/0/0.04.1 默認路由
root@SRX550# set routing-options static route 0.0.0.0/0 next-hop 110.250.250.14.2 靜態路由
root@SRX550# set routing-options static route 172.16.0.0/24 next-hop 192.168.1.2545.1 創建端口組Service_1433及對應端口:
root@SRX550# set applications application Service_1433 term Service_1433 protocol tcp
root@SRX550# set applications application Service_1433 term Service_1433 source-port 0-65535
root@SRX550# set applications application Service_1433 term Service_1433 destination-port 1433-14335.2 創建應用組Service_allow,并將Service_1433加入到應用組:
root@SRX550# set applications application-set Service_allow application Service_14335.3 創建地址組
root@SRX550# set security zones security-zone trust address-book address 172.16.0.0/24 172.16.0.0/24
root@SRX550# set security zones security-zone trust address-book address 172.16.0.253/32 172.16.0.253/325.4 創建地址池neiwang_allow,并將允許訪問外網的地址組加入進來
root@SRX550# set security zones security-zone trust address-book address-set neiwang_allow address 172.16.0.0/245.5 創建域間規則策略從trust到untrust
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match source-address neiwang_allow
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match destination-address any
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match application any
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 then permit5.6 創建域間規則策略從untrust到trust,允許訪問內部172.16.0.253的1433端口
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match source-address any
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match destination-address 172.16.0.253
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match application Service_allow
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 then permit請參考:Juniper SRX550防火墻NAT配置
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
