
Transparent mode of SRX240

2025-04-06 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Technorati tag: srx,juniper,srx240

Step 1: preparatory work

If this is a new, unconfigured machine, you can skip to step 2.

If the device already carries a lot of configuration, it is recommended to initialize it first: the load factory-default and commit commands restore the factory default configuration.

load factory-default

The root account password must be set immediately after restoring the factory defaults.

2.1.3 Set root user password

root# set system root-authentication plain-text-password

New password: root123

Retype new password: root123

commit

// On the SRX, commands take effect only after they are submitted with commit. It is recommended to commit after each command.

Step 2: enable transparent mode

* Because the web interface does not support managing transparent mode, you first need to set up transparent mode from the console with HyperTerminal. *

set bridge-domains bd1 domain-type bridge

set bridge-domains bd1 vlan-id 3

set interfaces irb unit 0 family inet address 10.34.208.199/24

set bridge-domains bd1 routing-interface irb.0

// bd1 is an arbitrary bridge domain name of your choosing

Step 3: enable transparent mode for the interface

* Delete unit 0 from all interfaces; on the SRX240 these are ge-0/0/0 to ge-0/0/15 *

delete interfaces ge-0/0/10 unit 0

delete interfaces ge-0/0/11 unit 0

* Add the interfaces to the transparent bridge *

set interfaces ge-0/0/0 unit 0 description L2-Untrust

set interfaces ge-0/0/0 unit 0 family bridge interface-mode trunk

set interfaces ge-0/0/0 unit 0 family bridge vlan-id-list 3

set interfaces ge-0/0/1 unit 0 description L2-Untrust

set interfaces ge-0/0/1 unit 0 family bridge interface-mode trunk

set interfaces ge-0/0/1 unit 0 family bridge vlan-id-list 3

set interfaces ge-0/0/2 unit 0 description L2-Trust

set interfaces ge-0/0/2 unit 0 family bridge interface-mode trunk

set interfaces ge-0/0/2 unit 0 family bridge vlan-id-list 3

set interfaces ge-0/0/3 unit 0 description L2-Trust

set interfaces ge-0/0/3 unit 0 family bridge interface-mode trunk

set interfaces ge-0/0/3 unit 0 family bridge vlan-id-list 3

// A prompt to reboot indicates that transparent mode has taken effect

root# quit

root> request system reboot

// Reboot command; enter it in operational mode (the > prompt)

Step 3: configure the interface

delete security zones security-zone untrust interfaces ge-0/0/0.0

delete security zones security-zone trust interfaces vlan.0

// Remove the interfaces that will be added to the L2 zones from the default zones. An interface can belong to only one zone.

set security zones security-zone L2-Trust host-inbound-traffic system-services all

set security zones security-zone L2-Trust host-inbound-traffic protocols all

set security zones security-zone L2-Untrust host-inbound-traffic system-services ping

set security zones security-zone L2-Untrust host-inbound-traffic system-services http

set security zones security-zone L2-Untrust host-inbound-traffic system-services telnet

set security zones security-zone L2-Untrust interfaces ge-0/0/0.0

set security zones security-zone L2-Untrust interfaces ge-0/0/1.0

set security zones security-zone L2-Trust interfaces ge-0/0/2.0

set security zones security-zone L2-Trust interfaces ge-0/0/3.0

Step 4:

set system services web-management http interface irb.0

// The irb interface can now be managed through the web interface

at http://10.34.208.199

* This is the IP address of the irb.0 management interface. Generally, the account and password are root/root123.

Once the web interface is reachable, the following steps can be configured there.

Step 5: add access policy

set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL match source-address any

set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL match destination-address any

set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL match application any

set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL then permit

set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match source-address any

set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match destination-address any

set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match application any

set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL then permit

set routing-options static route 0.0.0.0/0 next-hop x.x.x.x

// default route
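
An added example, not part of the original article: a small Python check that reads Junos set statements and reports the management and policy choices a reviewer would question before this configuration leaves the lab (cleartext management services, a zone that accepts all system services, and an any/any/any permit from the untrusted side). The sample input is copied from the statements above; the rule names and the convention that a zone name containing "untrust" marks the untrusted side are assumptions of this example.

```python
import re
from collections import defaultdict

# Statements from the walkthrough above, lower-cased as the Junos CLI expects.
PAGE_CONFIG = """\
set security zones security-zone L2-Trust host-inbound-traffic system-services all
set security zones security-zone L2-Untrust host-inbound-traffic system-services ping
set security zones security-zone L2-Untrust host-inbound-traffic system-services http
set security zones security-zone L2-Untrust host-inbound-traffic system-services telnet
set system services web-management http interface irb.0
set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match source-address any
set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match destination-address any
set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match application any
set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL then permit
"""

CLEARTEXT = {"http", "telnet"}  # management protocols that send credentials unencrypted
ZONE_RE = re.compile(r"set security zones security-zone (\S+) "
                     r"host-inbound-traffic system-services (\S+)")
POLICY_RE = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) "
                       r"policy (\S+) (?:match (\S+) (\S+)|then (\S+))")
WEB_RE = re.compile(r"set system services web-management http\b")
MATCH_FIELDS = ("source-address", "destination-address", "application")


def audit(config):
    """Return (rule, detail) findings for a block of Junos 'set' statements."""
    findings, policies = [], defaultdict(dict)
    for line in map(str.strip, config.splitlines()):
        if m := ZONE_RE.fullmatch(line):
            zone, service = m.groups()
            if service in CLEARTEXT:
                findings.append(("cleartext-mgmt", f"{zone} {service}"))
            elif service == "all":
                findings.append(("all-services", zone))
        elif WEB_RE.match(line):
            findings.append(("cleartext-mgmt", "web-management http"))
        elif m := POLICY_RE.fullmatch(line):
            src, dst, name, field, value, action = m.groups()
            policies[(src, dst, name)][field or "then"] = value or action
    for (src, _dst, name), p in policies.items():
        wide_open = all(p.get(f) == "any" for f in MATCH_FIELDS)
        # Assumption: a zone whose name contains "untrust" faces the untrusted side.
        if wide_open and p.get("then") == "permit" and "untrust" in src.lower():
            findings.append(("any-any-permit-from-untrust", name))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(PAGE_CONFIG):
        print(f"{rule:28} {detail}")
```

Replacing http with https, telnet with ssh, and the any application match with a named application clears every finding except the L2-Trust "all" services entry.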
