Shulou(Shulou.com)05/31 Report--

Editor to share with you a sample analysis of the basic policy configuration in JUNIA, I believe most people do not know much about it, so share this article for your reference, I hope you will learn a lot after reading this article, let's learn about it!

Basic functions of policies

a. Tell the firewall how traffic should be protected and forwarded

Traffic of Zone

Must between a.InterZone sections must pass the Policy check

Policy check may be passed in b.IntraZone section

Components of Policy

1.Source and Desitination

Adress OR Adress Group

2.Service service

a. System predefined service types (Telnet,SSH,Telnet)

b. Customized service

c. Custom service group

3.Aciton action

A.Permit

B.Deny

C.Tunnel

D.Reject (discards packets and advertises unreachable information to the source)

Configuration steps for Policy

a. Define an address entry

b. Customize a service entry

View predefined services

Ns5gt- > get service pre-defined

Manual customization of services

Ns5gt- > set service voice protocol udp src-port 1-65535 dst-port 186-20000

c. Create a Policy entry

Ns5gt- > set policy top from untrust to kang any any any permit

d. Adjust the order of Policy

Ns5gt- > set policy global move 1 before 2

Set up an address group

Ns5gt- > set group address kang test add 10.1.1.1

Create a service entry

Ns5gt- > set group service test add HTTP

Ns5gt- > set group service test add HTTPS

Ns5gt- > set group service test add Telnet

Ns5gt- > set group service test add SSH

e. Configure multi-cell policy

a. Enter the configuration mode of the policy

Ns5gt- > set policy id 3

b. Add source address or add service ns5gt (policy:3)-> set service telnet

Ns5gt (policy:3)-> set service snmp

c. View multi-cell policy

Ns5gt- > get policy

General Policy problem

Order of a.Policy

b. For the IP of the host, the subnet mask must be 32 bits

c. Whether the group members match

Global Policy Global Policy

a. Action=Deny of the default global policy

Ns5gt- > get policy global

No global policies, Default deny.

Implicitly reject everything by default

b. Change the Action of a global policy to Permit

Ns5gt- > set policy global any any any permit

Strategy of IntraZone

A.IntraZone is released by default.

Ns5gt- > set zone kang block

It is impossible to access each other between hosts under a Zone.

The above is all the content of the article "sample Analysis of basic Policy configuration in JUNIA". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.