2. SRX notes and basic configuration

2025-03-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Remote basic configuration

root@SRX1# show | display set

set version 12.1X44.4

set system host-name SRX1

set system time-zone Asia/Shanghai

set system root-authentication encrypted-password "$1$0m2EDDUB$hW0MnI7hQFLfmFmROx02B1"

set system name-server 114.114.114.114

set system services ssh

set system services web-management http

set system ntp server 62.201.225.9

set interfaces ge-0/0/0 unit 0 family inet address 192.168.130.212/24

set interfaces ge-0/0/1 unit 0 family inet address 1.1.1.254/24

set routing-options static route 0.0.0.0/0 next-hop 192.168.130.2

set security nat source rule-set NAT-Policy from zone trust

set security nat source rule-set NAT-Policy to zone untrust

set security nat source rule-set NAT-Policy rule Trust-Untrust-Interface-NAT match source-address 1.1.1.0/24

set security nat source rule-set NAT-Policy rule Trust-Untrust-Interface-NAT then source-nat interface

set security policies from-zone trust to-zone untrust policy Permit-ALL match source-address any

set security policies from-zone trust to-zone untrust policy Permit-ALL match destination-address any

set security policies from-zone trust to-zone untrust policy Permit-ALL match application any

set security policies from-zone trust to-zone untrust policy Permit-ALL then permit

set security zones security-zone untrust host-inbound-traffic system-services ping

set security zones security-zone untrust host-inbound-traffic system-services ssh

set security zones security-zone untrust host-inbound-traffic system-services http

set security zones security-zone untrust interfaces ge-0/0/0.0

set security zones security-zone trust host-inbound-traffic system-services ping

set security zones security-zone trust host-inbound-traffic system-services ssh

set security zones security-zone trust host-inbound-traffic system-services http

set security zones security-zone trust interfaces ge-0/0/1.0

set security nat static rule-set static-nat from zone untrust

set security nat static rule-set static-nat rule rule1 match destination-address 192.168.130.199/32

set security nat static rule-set static-nat rule rule1 then static-nat prefix 1.1.1.1/32

set security nat proxy-arp interface ge-0/0/0.0 address 192.168.130.199/32

set security zones security-zone trust address-book address test 1.1.1.1/32

set security zones security-zone trust address-book address-set 1.1.1.1 address test

set applications application 3389 protocol tcp

set applications application 3389 destination-port 3389

set applications application-set 3389-3389 application 3389

set security policies from-zone untrust to-zone trust policy 1 match source-address any

set security policies from-zone untrust to-zone trust policy 1 match destination-address test

set security policies from-zone untrust to-zone trust policy 1 match application 3389-3389

set security policies from-zone untrust to-zone trust policy 1 then permit
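
The configuration above exposes management services and RDP to the untrust zone. The following Python audit of "show | display set" output is an added example, not part of the original article; the function name audit, the check identifiers, the choice of settings to flag and the sample input (including the placeholder hash) are assumptions constructed for illustration.

```python
import re

# Constructed sample, modelled on the configuration listed above.
SAMPLE = """\
set system root-authentication encrypted-password "$1$examplesalt$constructedhashvalue000"
set system services ssh
set system services web-management http
set security zones security-zone untrust host-inbound-traffic system-services ssh
set security zones security-zone untrust host-inbound-traffic system-services http
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone trust host-inbound-traffic system-services http
set security policies from-zone untrust to-zone trust policy 1 match source-address any
set security policies from-zone untrust to-zone trust policy 1 match destination-address test
set security policies from-zone untrust to-zone trust policy 1 match application 3389-3389
set security policies from-zone untrust to-zone trust policy 1 then permit
"""

def audit(config, outside="untrust"):
    """Return sorted (check_id, detail) findings for display-set text."""
    lines = [re.sub(r"^set\s+", "", l.strip(), flags=re.I)
             for l in config.splitlines() if l.strip().lower().startswith("set ")]
    findings = set()
    if "system services web-management http" in lines:
        findings.add(("cleartext-web-mgmt", "J-Web served over HTTP"))
    if "system services ssh" in lines and "system services ssh root-login deny" not in lines:
        findings.add(("ssh-root-login", "SSH enabled without root-login deny"))
    policies = {}  # (to-zone, policy name) -> match terms and action
    for l in lines:
        if re.match(r'system root-authentication encrypted-password "\$1\$', l):
            findings.add(("md5-crypt-hash", "root password stored as $1$ (MD5-crypt)"))
        m = re.match(rf"security zones security-zone {outside} "
                     r"host-inbound-traffic system-services (\S+)", l)
        if m and m.group(1) in {"ssh", "http", "https", "telnet", "all"}:
            findings.add(("mgmt-on-outside", f"{m.group(1)} reachable from zone {outside}"))
        m = re.match(rf"security policies from-zone {outside} to-zone (\S+) "
                     r"policy (\S+) (match (\S+) (\S+)|then (\S+))", l)
        if m:
            terms = policies.setdefault((m.group(1), m.group(2)), {})
            terms[m.group(4) or "then"] = m.group(5) or m.group(6)
    for (zone, name), t in policies.items():
        if t.get("then") == "permit" and t.get("source-address") == "any":
            findings.add(("inbound-any-source",
                          f"policy {name} to {zone} permits {t.get('application')} from any source"))
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```
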

=

root@SRX2> show interfaces terse | match g    (view the interface configuration)

root@SRX2# show | display set    (view the configuration in set format)

root@SRX2# show | compare    (show the differences between the configuration to be committed and the current running configuration)

root@SRX2> clear system commit    (clear uncommitted configurations)

root@SRX2> show system uptime    (view the system clock)

root@SRX2# commit at "2016-09-30 13:48:00"    (commit the configuration at the specified time)

root@SRX2# commit comment "Only test"    (add a description to the commit)

root@SRX2> show system commit    (view the commit history, including the commit descriptions)

root@SRX2# rollback ?    (view the configurations that can be restored)

root@SRX2# rollback 9    (restore a specific configuration; a commit is required for it to take effect)

root@SRX2# commit confirmed    (commit with confirmation; if the commit is not confirmed within ten minutes, the configuration is automatically restored to its state before the commit)

root@SRX2# commit and-quit    (commit and exit)

root@SRX2# set system host-name My-SRX    (set the hostname)

root@SRX2# set system name-server 114.114.114.114    (set the DNS server)

root@SRX2> show system uptime    (view the time)

root@SRX2# set system time-zone Asia/Shanghai    (set the time zone)

root@SRX2> set date 200808080808.08    (set the time manually)

root@SRX2# set system ntp server 3.asia.pool.ntp.org    (set the NTP server)

root@SRX2> show ntp associations    (view NTP)

root@SRX2> show ntp status    (view NTP)

root@SRX2> request system reboot    (restart the system)

root@SRX2> request system power-off    (shut down the system)

root@SRX2# set system root-authentication plain-text-password    (change the root password)

root@SRX2# set system login user zqb class super-user authentication plain-text-password    (set the remote login password)

Recover root password

Loading /boot/defaults/loader.conf

/kernel text=0x894aa0 data=0x4d050+0x100b2c syms=[0x4+0x92cf0+0x4+0xd1487]

/boot/modules/libmbpool.ko text=0xd9c data=0x100

/boot/modules/if_em_vjx.ko text=0xb794 data=0x5ec+0x204 /

Hit [Enter] to boot immediately, or space bar for command prompt.

=

Press the Spacebar at this time

OK boot -s

=

Enter single-user mode

System watchdog timer disabled

Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery

=

Enter password recovery mode

Starting CLI...

root@SRX2>

root@SRX2# set system services ssh root-login deny    (deny root login over SSH)

root@SRX2# set system services ssh    (enable SSH)

root@SRX2# set system services web-management http    (enable web management)

root@SRX2> show version    (view the version)

root@SRX2> show system license    (view license information)

root@SRX2> request system license add terminal    (load a license from the terminal; end input with Enter + Ctrl+D)

root@SRX2> show cli history    (view the command history)

root@SRX2> show system processes extensive    (view system utilization)

root@SRX2> restart chassis-control gracefully    (restart a system process)

set security zones security-zone trust address-book address 1.1.1.1 1.1.1.1/32

set security zones security-zone trust address-book address 1.1.1.2 1.1.1.2/32

set security zones security-zone trust address-book address-set Inside address 1.1.1.1

set security zones security-zone trust address-book address-set Inside address 1.1.1.2

set applications application 3389 protocol tcp

set applications application 3389 destination-port 3389

set applications application-set 3389-3389 application 3389

set schedulers scheduler test-scheduler daily start-time 09:00 stop-time 18:00

set schedulers scheduler test-scheduler sunday exclude

set schedulers scheduler test-scheduler saturday exclude

set schedulers scheduler one-time start-date 2016-10-18.09:00 stop-date 2016-10-18.18:15

set security policies from-zone trust to-zone untrust policy Permit-ALL scheduler-name test-scheduler

set security nat static rule-set static-nat from zone untrust

set security nat static rule-set static-nat rule rule1 match destination-address 192.168.130.199/32

set security nat static rule-set static-nat rule rule1 then static-nat prefix 1.1.1.1/32

set security nat proxy-arp interface ge-0/0/0.0 address 192.168.130.199/32

set security zones security-zone trust address-book address test 1.1.1.1/32

set security zones security-zone trust address-book address-set 1.1.1.1 address test

set applications application 3389 protocol tcp

set applications application 3389 destination-port 3389

set applications application-set 3389-3389 application 3389

set security policies from-zone untrust to-zone trust policy 1 match source-address any

set security policies from-zone untrust to-zone trust policy 1 match destination-address test

set security policies from-zone untrust to-zone trust policy 1 match application 3389-3389

set security policies from-zone untrust to-zone trust policy 1 then permit
