Shulou(Shulou.com)06/01 Report--

Catalogue

General Firewall deployment document 2

Initialize preconfiguration 2 before firewall configuration

General Firewall deployment Operations 2

Configure the planned interface with IP 3

Default route configuration 3

Traffic policy configuration 4

CLI- Command Line Quick configuration 4

A brief introduction to common configurations 5

Nat-Mip configuration method 5

Enter interface editor 5

Find Mip and enter 5

Then make a policy call 6

Enter the policy interface: the source any is for the newly added IP mapping 6

The configuration is completed as follows, figure 7

Written in the last 7.

General Firewall deployment documentation

Initialize preconfiguration before firewall configuration

Upgrade to stable firmware system

Modify the default remote management port

Change the default username / password

General deployment operation of firewall

1. Qu Jun communicates with customers in advance to confirm the planning of private network IP and port allocation (remember)

Juniper-SSG140 as an example:

After boot, the notebook directly firewall Eth0/0 port, configure the local IP address: 192.168.1.X/24. Ping test, and then the browser enters "192.168.1.1" to enter the Web management interface.

Default username / password: netscreen

Find the following interface:

Configure the planned interface with IP

(PS: the boot icon is optional. Note the interface area, Untrust and Trust. Also note that the following service is checked, and telnet is refused to be enabled)

Default route configuration

Then find the following interface:

Click the upper right corner-NEW: configure the gateway as follows (PS: pay attention to select the public network egress interface)

Traffic policy configuration

Then find the following interface: (add a Trust to the public network Untrust policy)

Done. Just do the uplink port access.

These are the steps for partners accustomed to Web-UI to configure remote management. The following is also a brief introduction to the rapid configuration of CLI.

CLI- Command Line Quick configuration

Console connects to the firewall

Juniper-SSG140- > set interface ethernet0/1 zone Untrust

Set interface ethernet0/1 ip 103.20.248.182/24

Set interface ethernet0/1 nat

Set interface ethernet0/1 manage ping

Set interface ethernet0/1 manage web

Set interface ethernet0/1 manage ssh

Set interface ethernet0/1 manage snmp

Juniper-SSG140- > set route 0.0.0.0amp 0 interface ethernet0/1 gateway 103.20.248.1

Juniper-SSG140- > set policy id 1 from "Trust" to "Untrust"Any"Any"ANY" permit

Set policy id 1

Configuration complete. Now connected to the public network, you can manage remotely.

A brief introduction to common configurations

Nat-Mip configuration method

Enter interface editing

Find Mip and enter

Mapped IP: public network address

Host IP: address of private network host

After filling in, confirm it. As shown in the following figure:

[in use indicates that the mapping has been called by the policy, otherwise it is not called if it can be edited]

The policy call is then made.

Enter the policy interface: the source any is for the newly added IP mapping

The configuration is completed as follows

Write at the end

Pay attention to the firewall mac

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.