Shulou(Shulou.com)06/01 Report--

Technorati tag: srx,juniper,srx240

Step 1: preparatory work

If the new machine is not configured, you can skip to step 2

If there are many configurations, it is recommended that the initialization configuration load factory-default / commit command can be restored to the factory default configuration.

Load factory-default

The ROOT account password must be set immediately after the factory is restored.

2.1.3 set root user password

Root# set system root-authentication plain-text-password

Root# new password: root123

Root# retype new password: root123

Commit

/ / srx all commands take effect and need to be submitted by commit. It is recommended that each command be submitted.

Step 2: enable transparent mode

* because the web interface does not support transparent mode management, you need to debug it in transparent mode with HyperTerminal first. *

Set bridge-domains bd1 domain-type bridge

Set bridge-domains bd1 vlan-id 3

Set interfaces irb unit 0 family inet address 10.34.208.199/24

Set bridge-domains bd1 routing-interface irb.0

/ / bd1 is any specified bridge domain name

Step 3: enable transparent mode for the interface

* to delete all APIs from unit 0j srx240 to ge-0/0/0~ge-0/0/15***

Delete interfaces ge-0/0/10 unit 0

Delete interfaces ge-0/0/11 unit 0

* add the interface to the transparent bridge

Set interfaces ge-0/0/0 unit 0 description L2-Untrust

Set interfaces ge-0/0/0 unit 0 family bridge interface-mode trunk

Set interfaces ge-0/0/0 unit 0 family bridge vlan-id-list 3

Set interfaces ge-0/0/1 unit 0 description L2-Untrust

Set interfaces ge-0/0/1 unit 0 family bridge interface-mode trunk

Set interfaces ge-0/0/1 unit 0 family bridge vlan-id-list 3

Set interfaces ge-0/0/2 unit 0 description L2-Trust

Set interfaces ge-0/0/2 unit 0 family bridge interface-mode trunk

Set interfaces ge-0/0/2 unit 0 family bridge vlan-id-list 3

Set interfaces ge-0/0/3 unit 0 description L2-Trust

Set interfaces ge-0/0/3 unit 0 family bridge interface-mode trunk

Set interfaces ge-0/0/3 unit 0 family bridge vlan-id-list 3

/ / A prompt to restart indicates that the transparent mode is effective

Root#quit

Root > request system reboot

/ / restart command, please enter it in > mode

Step 3: configure the interface

Delete security zones security-zone untrust interfaces ge0/0/0.0

Delete security zones security-zone trust interfaces vlan.0

/ / remove the interface to be added to L2-Zone from the default zone. An interface can only belong to one zone.

Set security zones security-zone L2-Trust host-inbound-traffic system-services all

Set security zones security-zone L2-Trust host-inbound-traffic protocols all

Set security zones security-zone L2-Untrust host-inbound-traffic system-services ping

Set security zones security-zone L2-Untrust host-inbound-traffic system-services http

Set security zones security-zone L2-Untrust host-inbound-traffic system-services telnet

Set security zones security-zone L2-Untrust interfaces ge-0/0/0.0

Set security zones security-zone L2-Untrust interfaces ge-0/0/1.0

Set security zones security-zone L2-Trust interfaces ge-0/0/2.0

Set security zones security-zone L2-Trust interfaces ge-0/0/3.0

Step 4:

Set system services web-management http interface irb.0

/ / irb can be managed by web

Through http://10.34.208.199

* ip of irb.0 management port. Generally, the password root/root123 is set by default.

After web can be accessed, the following steps can be configured in the web interface

Step 5: add access policy

Set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL match source-address any

Set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL match destination-address any

Set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL match application any

Set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL then permit

Set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match source-address any

Set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match destination-address any

Set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match application any

Set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL then permit

Set routing-options static route 0.0.0.0/0 next-hop x.x.x.x

/ / default route

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.