In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-06 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
Technorati tag: srx,juniper,srx240
Step 1: preparatory work
If the new machine is not configured, you can skip to step 2
If there are many configurations, it is recommended that the initialization configuration load factory-default / commit command can be restored to the factory default configuration.
Load factory-default
The ROOT account password must be set immediately after the factory is restored.
2.1.3 set root user password
Root# set system root-authentication plain-text-password
Root# new password: root123
Root# retype new password: root123
Commit
/ / srx all commands take effect and need to be submitted by commit. It is recommended that each command be submitted.
Step 2: enable transparent mode
* because the web interface does not support transparent mode management, you need to debug it in transparent mode with HyperTerminal first. *
Set bridge-domains bd1 domain-type bridge
Set bridge-domains bd1 vlan-id 3
Set interfaces irb unit 0 family inet address 10.34.208.199/24
Set bridge-domains bd1 routing-interface irb.0
/ / bd1 is any specified bridge domain name
Step 3: enable transparent mode for the interface
* to delete all APIs from unit 0j srx240 to ge-0/0/0~ge-0/0/15***
Delete interfaces ge-0/0/10 unit 0
Delete interfaces ge-0/0/11 unit 0
* add the interface to the transparent bridge
Set interfaces ge-0/0/0 unit 0 description L2-Untrust
Set interfaces ge-0/0/0 unit 0 family bridge interface-mode trunk
Set interfaces ge-0/0/0 unit 0 family bridge vlan-id-list 3
Set interfaces ge-0/0/1 unit 0 description L2-Untrust
Set interfaces ge-0/0/1 unit 0 family bridge interface-mode trunk
Set interfaces ge-0/0/1 unit 0 family bridge vlan-id-list 3
Set interfaces ge-0/0/2 unit 0 description L2-Trust
Set interfaces ge-0/0/2 unit 0 family bridge interface-mode trunk
Set interfaces ge-0/0/2 unit 0 family bridge vlan-id-list 3
Set interfaces ge-0/0/3 unit 0 description L2-Trust
Set interfaces ge-0/0/3 unit 0 family bridge interface-mode trunk
Set interfaces ge-0/0/3 unit 0 family bridge vlan-id-list 3
/ / A prompt to restart indicates that the transparent mode is effective
Root#quit
Root > request system reboot
/ / restart command, please enter it in > mode
Step 3: configure the interface
Delete security zones security-zone untrust interfaces ge0/0/0.0
Delete security zones security-zone trust interfaces vlan.0
/ / remove the interface to be added to L2-Zone from the default zone. An interface can only belong to one zone.
Set security zones security-zone L2-Trust host-inbound-traffic system-services all
Set security zones security-zone L2-Trust host-inbound-traffic protocols all
Set security zones security-zone L2-Untrust host-inbound-traffic system-services ping
Set security zones security-zone L2-Untrust host-inbound-traffic system-services http
Set security zones security-zone L2-Untrust host-inbound-traffic system-services telnet
Set security zones security-zone L2-Untrust interfaces ge-0/0/0.0
Set security zones security-zone L2-Untrust interfaces ge-0/0/1.0
Set security zones security-zone L2-Trust interfaces ge-0/0/2.0
Set security zones security-zone L2-Trust interfaces ge-0/0/3.0
Step 4:
Set system services web-management http interface irb.0
/ / irb can be managed by web
Through http://10.34.208.199
* ip of irb.0 management port. Generally, the password root/root123 is set by default.
After web can be accessed, the following steps can be configured in the web interface
Step 5: add access policy
Set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL match source-address any
Set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL match destination-address any
Set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL match application any
Set security policies from-zone L2-Trust to-zone L2-Untrust policy IN-OUT-PERMIT-ALL then permit
Set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match source-address any
Set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match destination-address any
Set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL match application any
Set security policies from-zone L2-Untrust to-zone L2-Trust policy OUT-IN-PERMIT-ALL then permit
Set routing-options static route 0.0.0.0/0 next-hop x.x.x.x
/ / default route
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.