
Basic initial configuration steps for Juniper SRX (Security Policy 2)

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

1) Interface

set interfaces ge-0/0/0.0 family inet address x.x.x.x/24

set interfaces ge-0/0/1.0 family inet address x.x.x.x/24

# show interfaces

# run show int terse

2) Security zones (add each interface to its security zone)

set security zones security-zone [Outside/Inside or untrust/trust] interfaces ge-0/0/0.0

# show security zones

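3) Security policy: inter-zone policy (traffic from inside to outside: permit all; traffic from outside to inside: deny all)

// [Policy-Name] is Default-Permit here

set security policies from-zone Inside to-zone Outside policy Default-Permit match source-address any

set security policies from-zone Inside to-zone Outside policy Default-Permit match destination-address any

set security policies from-zone Inside to-zone Outside policy Default-Permit match application any

set security policies from-zone Inside to-zone Outside policy Default-Permit then permit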

4) Address book of each security zone

// used in place of "any" in match source-address / destination-address

set security zones security-zone Outside address-book address [Address-Name] x.x.x.x/32

set security zones security-zone Inside address-book address [Address-Name] x.x.x.x/32

5) Configure applications (applications application or applications application-set)

// used in place of "any" in match application

set applications application [Application-Name] // show applications

set applications application [TCP-3032] protocol tcp destination-port 3032

set applications application-set [APP-SET1] application TCP-3032

> show security flow session ?

6) count

edit security policies from-zone Inside to-zone Outside policy Default-Permit

set match source-address Inside-Network

set match destination-address SP-Routers

set match application any

set then permit

set then count

set then log session-init session-close

set system syslog file [Traffic-Log] any any // first "any" = facility, second "any" = severity level

set system syslog file [Traffic-Log] match "RT_FLOW_SESSION"

> show security policies policy-name [Default-Permit] detail

> show system syslog

> show log [Traffic-Log]

7) monitor

# set system syslog file Monitor-Traffic-Log any any

# set system syslog file Monitor-Traffic-Log match "10.1.1.1"

# show system syslog

> monitor start Monitor-Traffic-Log

> monitor stop

8) Debug with security flow traceoptions // Juniper

9) Policy schedulers // time-based access control list

10) Web-Authen

11) Pass-Through
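
A way to check a policy set against steps 3 and 6 above, as an added example that is not part of the original article: this Python script parses `display set`-style policy lines and flags permit policies that still match any/any/any or that lack count or session logging. The sample configuration is constructed, and the policy name To-SP is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in "display set" form, modelled on steps 3 and 6 (To-SP is hypothetical).
PREFIX = "set security policies from-zone Inside to-zone Outside policy "
SAMPLE_CONFIG = "\n".join(PREFIX + s for s in [
    "Default-Permit match source-address any",
    "Default-Permit match destination-address any",
    "Default-Permit match application any",
    "Default-Permit then permit",
    "To-SP match source-address Inside-Network",
    "To-SP match destination-address SP-Routers",
    "To-SP match application any",
    "To-SP then permit",
    "To-SP then count",
    "To-SP then log session-init session-close",
])

LINE_RE = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) "
                     r"policy (\S+) (match|then) (.+)")

def parse_policies(config_text):
    """Group match/then statements by (from-zone, to-zone, policy name)."""
    policies = defaultdict(lambda: {"match": defaultdict(set), "then": set()})
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a security-policy statement
        src_zone, dst_zone, name, section, rest = m.groups()
        head, *args = rest.split()
        pol = policies[(src_zone, dst_zone, name)]
        if section == "match":
            pol["match"][head].update(args)
        else:  # "then log session-init" is stored as "log" and "log:session-init"
            pol["then"].update([head] + [f"{head}:{a}" for a in args])
    return policies

def audit(config_text):
    findings = []
    for (_, _, name), pol in parse_policies(config_text).items():
        if "permit" not in pol["then"]:
            continue  # only permit policies are audited
        fields = ("source-address", "destination-address", "application")
        if all(pol["match"][f] == {"any"} for f in fields):
            findings.append((name, "permits any/any/any"))
        if not pol["then"] & {"log:session-init", "log:session-close"}:
            findings.append((name, "no session logging"))
        if "count" not in pol["then"]:
            findings.append((name, "no count"))
    return findings
```

Calling `audit()` on the output of `show configuration security policies | display set` saved to a file returns one (policy name, finding) pair per issue.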
