
Basic configuration of Juniper SRX550 Firewall

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

I. Management configuration

1.1 Hostname

root@SRX550# set system host-name SRX550

1.2 Set the time zone

root@SRX550# set system time-zone Asia/Shanghai

1.3 Enable remote services

root@SRX550# set system services ssh
root@SRX550# set system services telnet

1.4 Enable web management and allow management from the ge-0/0/1.0 interface

root@SRX550# set system services web-management https system-generated-certificate
root@SRX550# set system services web-management https interface ge-0/0/1.0

1.5 Configure an SNMP read-write community string

root@SRX550# set snmp community xmcyy authorization read-write

II. User configuration

2.1 Set the root password. On a new device, the root password must be set as the first step.

root@SRX550# set system root-authentication plain-text-password

2.2 Set user admin as a super-user class administrator

root@SRX550# set system login user admin uid 2000
root@SRX550# set system login user admin class super-user

III. Interface configuration

3.1 Configure layer 3 interfaces

root@SRX550# set interfaces ge-0/0/0 unit 0 family inet address 110.250.250.2/24
root@SRX550# set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24

3.2 Add port 1 (ge-0/0/1.0) to the trust zone

root@SRX550# set security zones security-zone trust interfaces ge-0/0/1.0

3.3 Add port 0 (ge-0/0/0.0) to the untrust zone

root@SRX550# set security zones security-zone untrust interfaces ge-0/0/0.0

IV. Routing configuration

4.1 Default route

root@SRX550# set routing-options static route 0.0.0.0/0 next-hop 110.250.250.1

4.2 Static route

root@SRX550# set routing-options static route 172.16.0.0/24 next-hop 192.168.1.254

V. Policy configuration

5.1 Create the application Service_1433 and its corresponding ports:

root@SRX550# set applications application Service_1433 term Service_1433 protocol tcp
root@SRX550# set applications application Service_1433 term Service_1433 source-port 0-65535
root@SRX550# set applications application Service_1433 term Service_1433 destination-port 1433-1433

5.2 Create the application set Service_allow and add Service_1433 to it:

root@SRX550# set applications application-set Service_allow application Service_1433

5.3 Create address-book entries

root@SRX550# set security zones security-zone trust address-book address 172.16.0.0/24 172.16.0.0/24
root@SRX550# set security zones security-zone trust address-book address 172.16.0.253/32 172.16.0.253/32

5.4 Create the address set neiwang_allow and add the addresses that are allowed to access the public network

root@SRX550# set security zones security-zone trust address-book address-set neiwang_allow address 172.16.0.0/24

5.5 Create the inter-zone policy from trust to untrust

root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match source-address neiwang_allow
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match destination-address any
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match application any
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 then permit

5.6 Create the inter-zone policy from untrust to trust, allowing access to port 1433 of the internal 172.16.0.253

root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match source-address any
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match destination-address 172.16.0.253/32
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match application Service_allow
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 then permit

VI. NAT configuration

Please refer to: Juniper SRX550 Firewall NAT configuration
