JuniperSRX基本初始配置步骤(SecurityPolicy2)

1) 接口

成都创新互联从2013年成立，是专业互联网技术服务公司，拥有项目成都网站建设、网站制作网站策划，项目实施与项目整合能力。我们以让每一个梦想脱颖而出为使命，1280元华容做网站,已为上家服务,为华容各地企业和个人服务,联系电话:18982081108

set interfaces ge-0/0/0.0 family inet address x.x.x.x/24

set interfaces ge-0/0/1.0 family inet address x.x.x.x/24

#show interfaces

#run show int terse

2) 安全区域(中把接口加入到各安全区域)

set security zones security-zone Outside/Inside 或 untrust/trust interface ge-0/0/0.0

#show security zones

3) 安全策略-zone间策略(由内到外流量-全部permit;由外到内流量-全部deny)

set security policies from-zone Inside to-zone Outside policy [Policy-Name]Default-Permit

    match source-address any

    match destination-address any

    match application any

    then permit

 

4) 安全区域的(各个安全区域的)addressbook 

//针对match source-address\destination-address any

set security zones security-zone Outside address-book address [Address-Name]  x.x.x.x/32

set security zones security-zone Inside address-book address [Address-Name]x.x.x.x/32

 

5) 配置应用applications   application 或 applications application-set  

//针对 match application any

set application  [Application-Name]    //show applications

 

set applications apolication [TCP-3032] protocol tcp destination-port 3032 

set applications application-set [APP-SET1] application TCP-3032

 

show security flow session ?

_______________________________________________________________________________ 

6) count

edit security poicies from-zone Inside to-zone Outside policy Default-Permit

    set match source-address Inside-Network

    set match destination-address SP-Routers

    set match application any

    set then permit

    set then count

    set then log session-init session-close

 

set system syslog file [Traffic-Log] any(facility) any(level严重级别)

set system syslog file [Traffice-log] match "RT_FLOW_SESSION"

 

>show security policies policy-name [Default-Permit] detail

 

>show system syslog

>show log [Traffice-Log]

 

7) monitor

#set system syslog file Monitor-Traffic-Log any any

#set system syslog file Monitor-Traffic-Log match "10.1.1.1"

#show system syslog

>monitor start Monitor-Traffic-Log

>monitor stop

 

8) security flow traceoptions //Juniper的debug

9) Policy Schedulers //时间访问控制列表

10) Web-Authen

11) Pass-Through

 

当前标题：JuniperSRX基本初始配置步骤(SecurityPolicy2)
网站链接：http://bjjierui.cn/article/jgcsdh.html