
Common commands in JUNIPER (1)

2025-04-05 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

1. Initial login to the device: the root password is empty; enter configuration mode (conf); the password must be at least 6 characters, letters + numbers

2. load factory-default; restores the factory default settings. After the system is restored, this does not mean there is no configuration: by default the system is configured with Screen/DHCP/Policy.

If you need to remove that configuration completely, use the delete command to delete it.

3. set system root-authentication plain-text-password; set the root user password

4. set system login user admin class super-user authentication plain-text-password; set up the remote login management user

5. set system host-name *; set the host name

6. set system name-server 8.8.8.8; set DNS

7. set system services ftp

set system services telnet

set system services web-management http

set system services web-management https

set system services web-management port 44380 interface all

The ftp/telnet/http services start only after all of the above commands have been completed

8. set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24; set the logical interface address. On SRX series devices the IP must be configured under a logical interface, usually logical interface 0

9. set interfaces ge-0/0/0.0 family inet address 10.1.1.1/24

set routing-options static route 0.0.0.0/0 next-hop 192.168.1.1; set the default route

10. set security zones security-zone untrust interfaces ge-0/0/0.0; put the interface in the security zone

set security zones security-zone untrust host-inbound-traffic system-services ping

set security zones security-zone untrust host-inbound-traffic system-services http

set security zones security-zone untrust host-inbound-traffic system-services telnet
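
Steps 7 and 10 enable ftp, telnet and http, which carry credentials in cleartext, and accept http and telnet on the untrust zone. The Python check below is an added example, not part of the original article: it scans a set-format configuration for those lines. SAMPLE is constructed from the commands above, and all function and variable names are this example's own.

```python
import re

# Management protocols that carry credentials unencrypted.
CLEARTEXT = {"ftp", "telnet", "http"}

# Accepts the full keyword and the abbreviated form (web-manage).
SERVICE_RE = re.compile(r"^set system services (?:web-manage\S* )?(\S+)")
ZONE_RE = re.compile(
    r"^set security zones security-zone (\S+) "
    r"host-inbound-traffic system-services (\S+)"
)

def audit(config_text, exposed_zones=("untrust",)):
    """Return sorted findings for a set-format Junos configuration."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    enabled, findings = set(), set()
    for ln in lines:
        m = SERVICE_RE.match(ln)
        if m and m.group(1) in CLEARTEXT:
            enabled.add(m.group(1))
            findings.add(f"cleartext service enabled: {m.group(1)}")
    for ln in lines:
        m = ZONE_RE.match(ln)
        if m and m.group(1) in exposed_zones and m.group(2) in CLEARTEXT:
            state = "enabled" if m.group(2) in enabled else "not enabled"
            findings.add(f"zone {m.group(1)} accepts {m.group(2)} ({state})")
    return sorted(findings)

# Constructed sample built from the commands in steps 7 and 10.
SAMPLE = """\
set system services ftp
set system services telnet
set system services web-management http
set system services web-management https
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone untrust host-inbound-traffic system-services ping
set security zones security-zone untrust host-inbound-traffic system-services http
set security zones security-zone untrust host-inbound-traffic system-services telnet
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
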

11. Essential elements of policy configuration: policy name, source address, destination address, service, action

12. Three types of policies:

A. By creating inter-zone policies, you can control the types of traffic that are allowed from one security zone to another.

B. By creating intra-zone policies, you can also control the types of traffic that are allowed through interfaces bound to the same zone.

C. By creating global policies, you can control traffic between addresses, regardless of their security zones.

13. show security policies default-policy; view the default policy action of the current system

14. On the SRX, NAT is configured independently as basic network-level content (the direction, mapping relationship and address range of the address mapping are defined on their own). The Policy no longer contains NAT-related configuration, which makes it easier to understand and simplifies operation and maintenance: when the network topology or the NAT mapping changes, there is no need to adjust the Policy configuration.

15. The execution order of SRX NAT and Policy is: destination address translation, destination address route lookup, policy check, source address translation. Given this order, when configuring a Policy the source address should be the source address before translation, and the destination address should be the translated destination address. In other words, the source and destination addresses in the Policy should be the real IP addresses of the two ends. This differs from ScreenOS, so take note.

Static NAT is bidirectional, while the other types are unidirectional.
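
The execution order in item 15 can be walked through with a small model. This is an added Python example, not part of the original article and not SRX code: the addresses, zones, tables and function names are constructed for illustration. It shows that a policy matches the destination after destination NAT and the source before source NAT.

```python
from ipaddress import ip_address, ip_network

# Constructed lab values (documentation address ranges, not from the article).
DEST_NAT = {"203.0.113.10": "192.168.1.10"}          # public address -> real server
ROUTES = [("192.168.1.0/24", "trust"), ("0.0.0.0/0", "untrust")]
SOURCE_NAT = {("trust", "untrust"): "203.0.113.1"}   # egress interface IP

def egress_zone(dst):
    """Longest-prefix route lookup on the already translated destination."""
    hits = [(ip_network(p), z) for p, z in ROUTES
            if ip_address(dst) in ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def permitted(policies, from_zone, to_zone, src, dst):
    """True if any (from, to, src-net, dst-net) policy matches the packet."""
    return any(fz == from_zone and tz == to_zone
               and ip_address(src) in ip_network(s)
               and ip_address(dst) in ip_network(d)
               for fz, tz, s, d in policies)

def process(src, dst, from_zone, policies):
    """Walk one packet through the order in item 15; return (action, src, dst)."""
    dst = DEST_NAT.get(dst, dst)                      # 1. destination NAT
    to_zone = egress_zone(dst)                        # 2. route lookup
    if not permitted(policies, from_zone, to_zone, src, dst):
        return ("deny", src, dst)                     # 3. policy check
    src = SOURCE_NAT.get((from_zone, to_zone), src)   # 4. source NAT
    return ("permit", src, dst)

# Same inbound flow, policy written against the real vs. the public address.
INBOUND_REAL = [("untrust", "trust", "0.0.0.0/0", "192.168.1.10/32")]
INBOUND_PUBLIC = [("untrust", "trust", "0.0.0.0/0", "203.0.113.10/32")]

if __name__ == "__main__":
    print(process("198.51.100.7", "203.0.113.10", "untrust", INBOUND_REAL))
    print(process("198.51.100.7", "203.0.113.10", "untrust", INBOUND_PUBLIC))
```
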

16. NAT configuration:

set security nat source rule-set 1 from zone trust; specifies the source zone

set security nat source rule-set 1 to zone untrust; specifies the destination zone

set security nat source rule-set 1 rule rule1 match source-address 0.0.0.0/0 destination-address 0.0.0.0/0; specifies the source and destination addresses or address ranges to match; 0.0.0.0/0 represents all

set security nat source rule-set 1 rule rule1 then source-nat interface; specifies source translation through the interface IP

The above configuration defines the NAT source address mapping rule. All traffic from the Trust zone to the Untrust zone has its source address translated to the Untrust zone interface IP.

show security flow session

show security nat source rule phypoolNAT

show security nat source pool all

Access from the public network, and then check the session: show security flow session

View the NAT translation relationship:

show security nat destination rule

show security nat static rule

17. request system halt; shuts the device down

request system reboot; restarts the device

18. Configuration---admin---permitted IPs; add a whitelist so that only specific IPs can log in

Clear led alarm, clear the alarm lamp.

19. restart web-management, or run restart web-management; restarts the web login interface
