Juniper SRX 240 cluster: publishing a private network server port to the public network (configuration example)

2025-01-28 Update From: SLTechnology News&Howtos (Network Security)

Shulou (Shulou.com) 06/01 Report

Steps for publishing a private network address and port to the public network

First define the address-book entry for the internal server:

set security address-book global address IMMQI_PRIVATE 172.22.201.20/32

Step 1: create a destination NAT pool (the translated private address and port)

set security nat destination pool DP_TRUST_IMMQI_10089 address 172.22.201.20/32
set security nat destination pool DP_TRUST_IMMQI_10089 address port 10089

Step 2: create a destination NAT rule (match the public address and port, then translate to the pool)

set security nat destination rule-set DNAT_FROM_ISP1 rule ISP1_TCP10089_TO_IMMQI_10089 match destination-address-name WAN3001_241
set security nat destination rule-set DNAT_FROM_ISP1 rule ISP1_TCP10089_TO_IMMQI_10089 match destination-port 10089
set security nat destination rule-set DNAT_FROM_ISP1 rule ISP1_TCP10089_TO_IMMQI_10089 then destination-nat pool DP_TRUST_IMMQI_10089

(WAN3001_241 is the address-book entry for the public address 119.145.16.241.)

Step 3: define the application (protocol and port) to be published

set applications application tcp-10089 protocol tcp
set applications application tcp-10089 destination-port 10089
set applications application tcp-10090 protocol tcp
set applications application tcp-10090 destination-port 10090

Step 4: create a zone policy matching the source address, the destination address and the application (port)

set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 match source-address any
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 match destination-address IMMQI_PRIVATE
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 match application tcp-80
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 match application tcp-9998
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 match application tcp-10089
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 then permit
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 then log session-init
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 then log session-close

Note that the policy matches the private destination address (IMMQI_PRIVATE) and the translated port, because the security policy is evaluated after destination NAT.

Step 5: when a new policy is added, check its position (policy priority)

insert security policies from-zone Design to-zone trust policy RM-201_84-Cost-Lectra before policy DENY

A newly added policy is placed at the end of the zone-pair policy list, so check whether it needs to be moved before the final DENY policy, as the insert example above does.

Production environment

set security address-book global address QI_PRIVATE 172.22.201.19/32

set security nat destination pool DP_TRUST_IQCSAP_10090 address 172.22.201.19/32
set security nat destination pool DP_TRUST_IQCSAP_10090 address port 10089

(Public port 10090 is translated to the server's port 10089, so the policies below match the application tcp-10089, not tcp-10090.)

ISP1 (telecom line)

set security nat destination rule-set DNAT_FROM_ISP1 rule ISP1_TO_TRUST_IQCSAP_10090 match destination-address-name WAN3001_241
set security nat destination rule-set DNAT_FROM_ISP1 rule ISP1_TO_TRUST_IQCSAP_10090 match destination-port 10090
set security nat destination rule-set DNAT_FROM_ISP1 rule ISP1_TO_TRUST_IQCSAP_10090 then destination-nat pool DP_TRUST_IQCSAP_10090

set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 match source-address any
set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 match destination-address QI_PRIVATE
set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 match application tcp-10089
set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 then permit
set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 then log session-init
set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 then log session-close
set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 then count

ISP6 (Unicom line)

set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_TRUST_IQCSAP_10090 match destination-address-name WAN3006_165
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_TRUST_IQCSAP_10090 match destination-port 10090
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_TRUST_IQCSAP_10090 then destination-nat pool DP_TRUST_IQCSAP_10090

set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 match source-address any
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 match destination-address QI_PRIVATE
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 match application tcp-10089
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 then permit
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 then log session-init
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 then log session-close
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 then count

insert security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 before policy DENY
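A small consistency check for the pattern shown in the steps above, added here as an example and not part of the original article or the author's configuration: it reads Junos "set" lines, pairs each destination NAT rule with its pool, and confirms that some zone policy permits the translated (private) address and port rather than the public port, while flagging "source-address any" and missing session logging. The SAMPLE is constructed from this page's ISP6 section; the parser assumes the layout used on this page (one pool per rule, address-book names for destinations).

```python
# Constructed sample from this page's ISP6 section (public 10090 -> private 10089); not the author's full config.
SAMPLE = """
set security address-book global address QI_PRIVATE 172.22.201.19/32
set security nat destination pool DP_TRUST_IQCSAP_10090 address 172.22.201.19/32
set security nat destination pool DP_TRUST_IQCSAP_10090 address port 10089
set applications application tcp-10089 destination-port 10089
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_TRUST_IQCSAP_10090 match destination-port 10090
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_TRUST_IQCSAP_10090 then destination-nat pool DP_TRUST_IQCSAP_10090
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 match source-address any
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 match destination-address QI_PRIVATE
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 match application tcp-10089
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 then permit
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 then log session-init
"""

def parse_set_config(text):  # index address-book, DNAT pools/rules, applications and policies
    cfg = {"addr": {}, "pool": {}, "app": {}, "rule": {}, "policy": {}}
    for w in map(str.split, text.strip().splitlines()):
        if w[1:3] == ["security", "address-book"]:
            cfg["addr"][w[5]] = w[6]
        elif w[2:5] == ["nat", "destination", "pool"]:  # translated (private) address / port
            cfg["pool"].setdefault(w[5], {})["port" if w[7] == "port" else "address"] = w[-1]
        elif w[1:2] == ["applications"]:
            cfg["app"].setdefault(w[3], {})[w[4]] = w[5]
        elif w[2:5] == ["nat", "destination", "rule-set"]:  # public match -> pool
            cfg["rule"].setdefault(w[7], {})["pool" if w[9] == "destination-nat" else w[9]] = w[-1]
        elif w[1:3] == ["security", "policies"]:
            pol = cfg["policy"].setdefault(w[8], {"match": {}, "then": set()})
            if w[9] == "match":
                pol["match"].setdefault(w[10], []).append(w[11])
            else:
                pol["then"].add(w[10])
    return cfg

def check_publication(cfg):  # policy is evaluated after DNAT, so it must match the translated tuple
    findings = []
    for rname, rule in cfg["rule"].items():
        pool = cfg["pool"].get(rule.get("pool"), {})
        real_port = pool.get("port", rule.get("destination-port"))  # no pool port: DNAT keeps the port
        hits = [n for n, p in cfg["policy"].items()
                if pool.get("address") in map(cfg["addr"].get, p["match"].get("destination-address", []))
                and real_port in [cfg["app"].get(a, {}).get("destination-port") for a in p["match"].get("application", [])]]
        if not hits:  # common mistake: policy written for the public port instead of the translated one
            findings.append(f"{rname}: no policy permits translated {pool.get('address')} port {real_port}")
        for n in hits:
            if "any" in cfg["policy"][n]["match"].get("source-address", []):
                findings.append(f"{n}: source-address any; restrict to known client ranges where possible")
            if "log" not in cfg["policy"][n]["then"]:
                findings.append(f"{n}: no session-init/session-close logging")
    return findings
```

Run check_publication(parse_set_config(SAMPLE)) on the exported "show configuration | display set" output of a zone pair; on the sample it reports only the open source-address, and it reports a missing policy if the application were tcp-10090 instead of tcp-10089.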

Verification

{primary:node0}
Owenli@cfw01a.cn1> show security flow session nat destination-port 10090

node0:
Session ID: 124271, Policy name: P_IQCSAP_10090/276, State: Backup, Timeout: 14396, Valid
In: 113.X.X.199/57104 --> X.X.X.165/10090;TCP, If: reth25.3006, Pkts: 0, Bytes: 0
Out: 172.22.201.19/10089 --> 113.X.X.199/57104;TCP, If: reth4.500, Pkts: 0, Bytes: 0
Total sessions: 1

node1:
Session ID: 140801, Policy name: P_IQCSAP_10090/276, State: Active, Timeout: 1796, Valid
In: 113.X.X.199/57104 --> X.X.X.165/10090;TCP, If: reth25.3006, Pkts: 2, Bytes: 92
Out: 172.22.201.19/10089 --> 113.X.X.199/57104;TCP, If: reth4.500, Pkts: 1, Bytes: 52
Total sessions: 1
