
Juniper SRX Firewall NAT configuration

2025-03-14 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/01 Report--

I. Basic operation instructions

1. Restore the device to factory defaults

root# load factory-default

root# set system root-authentication plain-text-password

root# commit

root> request system reboot

2. Basic configuration

2.1 Configure the hostname

root# set system host-name SRX1400

2.2 Set the time zone

root@SRX1400# set system time-zone Asia/Shanghai

2.3 Set the time

root@SRX1400# run set date 201508011549.21

2.4 Set DNS

root@SRX1400# set system name-server 202.106.0.20

2.5 Set the interface IP

root@SRX1400# set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.10/24

2.6 Set the default route

root@SRX1400# set routing-options static route 0.0.0.0/0 next-hop 10.0.0.254

2.7 Create a login user

root@SRX1400# set system login user admin class super-user authentication plain-text-password

2.8 Create a security zone

root@SRX1400# set security zones security-zone untrust

2.9 Add the interface to the zone

root@SRX1400# set security zones security-zone untrust interfaces ge-0/0/0.0

2.10 Allow ICMP (ping) on the service port

root@SRX1400# set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping

Note: by default, service ports other than the management port do not answer ping, so ICMP has to be allowed explicitly.

II. Juniper SRX NAT

1. Types of NAT

1.1 Source NAT: interface

1.2 Source NAT: pool

1.3 Destination NAT

1.4 Static NAT

2. Configuration examples

2.1 Interface-based source NAT

root@SRX1400# set security nat source rule-set 1 from zone trust

root@SRX1400# set security nat source rule-set 1 to zone untrust

root@SRX1400# set security nat source rule-set 1 rule rule1 match source-address 0.0.0.0/0 destination-address 0.0.0.0/0

root@SRX1400# set security nat source rule-set 1 rule rule1 then source-nat interface

Default policy

policy default-permit {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit;
    }
}

2.2 Source NAT based on an address pool

root@SRX1400# set security nat source pool isp address 10.0.0.20 to 10.0.0.30

root@SRX1400# set security nat source rule-set 1 from zone trust

root@SRX1400# set security nat source rule-set 1 to zone untrust

root@SRX1400# set security nat source rule-set 1 rule rule1 match source-address 0.0.0.0/0 destination-address 0.0.0.0/0

root@SRX1400# set security nat source rule-set 1 rule rule1 then source-nat pool isp

root@SRX1400# set security nat proxy-arp interface ge-0/0/0 address 10.0.0.20 to 10.0.0.30

2.3 Destination NAT configuration

root@SRX1400# set security nat destination pool dst-nat-pool-1 address 172.16.1.1/32

root@SRX1400# set security nat destination pool dst-nat-pool-1 address port 80

root@SRX1400# set security nat destination rule-set rs1 from zone untrust

root@SRX1400# set security nat destination rule-set rs1 rule 1 match destination-address 10.0.0.100/32

root@SRX1400# set security nat destination pool dst-nat-pool-1 address port 80

root@SRX1400# set security nat proxy-arp interface ge-0/0/0.0 address 10.0.0.100/32

root@SRX1400# set security address-book global address web 172.16.1.1/32

root@SRX1400# set security nat destination rule-set rs1 rule 1 then destination-nat pool dst-nat-pool-1

root@SRX1400# set security policies from-zone untrust to-zone trust policy web match source-address any

root@SRX1400# set security policies from-zone untrust to-zone trust policy web match destination-address web application any

root@SRX1400# set security policies from-zone untrust to-zone trust policy web then permit

root@SRX1400# insert security policies from-zone untrust to-zone trust policy web before policy default-deny

2.4 Static NAT configuration

root@SRX1400# set security nat static rule-set rs1 from zone untrust

root@SRX1400# set security nat static rule-set rs1 rule r1 match destination-address 10.0.0.100/32

root@SRX1400# set security nat static rule-set rs1 rule r1 then static-nat prefix 172.16.1.1/32

root@SRX1400# set security nat proxy-arp interface ge-0/0/0.0 address 10.0.0.100/32

root@SRX1400# set security address-book global address web 172.16.1.1/32

root@SRX1400# set security policies from-zone untrust to-zone trust policy web match source-address any destination-address web application any

root@SRX1400# set security policies from-zone untrust to-zone trust policy web then permit

root@SRX1400# insert security policies from-zone untrust to-zone trust policy web before policy default-deny
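An added check, not part of the original article: sections 2.2 to 2.4 pair every NAT address on the 10.0.0.0/24 interface subnet with a proxy-arp entry, because the SRX will not answer ARP for such an address without one. The Python sketch below scans set-format configuration for source pools and destination or static NAT match addresses that sit on an interface subnet but have no proxy-arp coverage; the function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in "set" format, based on the commands in sections 2.2-2.3;
# the proxy-arp entry for 10.0.0.100 is deliberately left out.
SAMPLE = """\
set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.10/24
set security nat source pool isp address 10.0.0.20 to 10.0.0.30
set security nat proxy-arp interface ge-0/0/0.0 address 10.0.0.20 to 10.0.0.30
set security nat destination rule-set rs1 rule 1 match destination-address 10.0.0.100/32
"""

# Prefix lengths are ignored, which is exact for the /32 entries used here.
ADDR = r"(\d+\.\d+\.\d+\.\d+)(?:/\d+)?"
RANGE = ADDR + r"(?: to " + ADDR + r")?"
NAT_MATCH = r"nat (?:destination|static) rule-set .* match destination-address " + RANGE

def span(lo, hi):
    """Return an inclusive (first, last) pair of IPv4Address objects."""
    lo = ipaddress.ip_address(lo)
    return lo, ipaddress.ip_address(hi) if hi else lo

def missing_proxy_arp(config):
    """List NAT addresses on an interface subnet that lack a proxy-arp entry."""
    subnets, nat, arp = [], [], []
    for line in config.splitlines():
        m = re.search(r"family inet address (\S+)", line)
        if m:
            subnets.append(ipaddress.ip_interface(m.group(1)).network)
        m = re.search(r"nat source pool \S+ address " + RANGE, line)
        if not m:
            m = re.search(NAT_MATCH, line)
        if m:
            nat.append(span(m.group(1), m.group(2)))
        m = re.search(r"nat proxy-arp interface \S+ address " + RANGE, line)
        if m:
            arp.append(span(m.group(1), m.group(2)))
    gaps = []
    for lo, hi in nat:
        on_link = any(lo in net and hi in net for net in subnets)
        covered = any(a <= lo and hi <= b for a, b in arp)
        if on_link and not covered:
            gaps.append(f"{lo}-{hi}")
    return gaps

if __name__ == "__main__":
    print(missing_proxy_arp(SAMPLE))
```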
