Juniper SRX550 Firewall Basic Configuration
1. Management configuration
1.1 Hostname
root@SRX550# set system host-name SRX550
1.2 Set the time zone
root@SRX550# set system time-zone Asia/Shanghai
1.3 Enable remote access services
root@SRX550# set system services ssh
root@SRX550# set system services telnet
1.4 Enable web management and allow management from the ge-0/0/1 interface
root@SRX550# set system services web-management https system-generated-certificate
root@SRX550# set system services web-management https interface ge-0/0/1.0
1.5 Configure an SNMP read-write community string
root@SRX550# set snmp community xmcyy authorization read-write
2. User configuration
2.1 Set the root password; on a new device the root password must be set first
root@SRX550# set system root-authentication plain-text-password
2.2 Create the user admin with super-user privileges
root@SRX550# set system login user admin uid 2000
root@SRX550# set system login user admin class super-user
3. Interface configuration
3.1 Configure Layer 3 interfaces
root@SRX550# set interfaces ge-0/0/0 unit 0 family inet address 110.250.250.2/24
root@SRX550# set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24
3.2 Add port 1 (ge-0/0/1) to the trust zone
root@SRX550# set security zones security-zone trust interfaces ge-0/0/1.0
3.3 Add port 0 (ge-0/0/0) to the untrust zone
root@SRX550# set security zones security-zone untrust interfaces ge-0/0/0.0
4. Routing configuration
4.1 Default route
root@SRX550# set routing-options static route 0.0.0.0/0 next-hop 110.250.250.1
4.2 Static route
root@SRX550# set routing-options static route 172.16.0.0/24 next-hop 192.168.1.254
5. Policy configuration
5.1 Create the application Service_1433 and its port:
root@SRX550# set applications application Service_1433 term Service_1433 protocol tcp
root@SRX550# set applications application Service_1433 term Service_1433 source-port 0-65535
root@SRX550# set applications application Service_1433 term Service_1433 destination-port 1433-1433
5.2 Create the application set Service_allow and add Service_1433 to it:
root@SRX550# set applications application-set Service_allow application Service_1433
5.3 Create address-book entries
root@SRX550# set security zones security-zone trust address-book address 172.16.0.0/24 172.16.0.0/24
root@SRX550# set security zones security-zone trust address-book address 172.16.0.253/32 172.16.0.253/32
5.4 Create the address set neiwang_allow and add the addresses that are allowed to access the external network
root@SRX550# set security zones security-zone trust address-book address-set neiwang_allow address 172.16.0.0/24
5.5 Create the inter-zone policy from trust to untrust
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match source-address neiwang_allow
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match destination-address any
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match application any
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 then permit
5.6 Create the inter-zone policy from untrust to trust, allowing access to port 1433 on the internal host 172.16.0.253
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match source-address any
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match destination-address 172.16.0.253/32
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match application Service_allow
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 then permit
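A review pass over the management settings in section 1 and the policies in section 5, as an added example that is not part of the original article: it reads set-format lines and reports the telnet service, read-write SNMP communities, policy address names missing from the zone's address book, and untrust policies that permit source any. The sample input is constructed from this page's commands; the function name, the finding wording, and the handling of zone-attached address books only are assumptions.

```python
import re

# Constructed sample, modeled on this page's commands (CLI prompts included).
SAMPLE = """\
root@SRX550# set system services ssh
root@SRX550# set system services telnet
root@SRX550# set snmp community xmcyy authorization read-write
root@SRX550# set security zones security-zone trust address-book address 172.16.0.0/24 172.16.0.0/24
root@SRX550# set security zones security-zone trust address-book address 172.16.0.253/32 172.16.0.253/32
root@SRX550# set security zones security-zone trust address-book address-set neiwang_allow address 172.16.0.0/24
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match source-address neiwang_allow
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match destination-address any
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 then permit
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match source-address any
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match destination-address 172.16.0.253
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 then permit
"""

BOOK = re.compile(r"set security zones security-zone (\S+) address-book (?:address|address-set) (\S+)")
POLICY = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (.+)")
ANY = {"any", "any-ipv4", "any-ipv6"}

def audit(config):
    """Return findings for 'set'-format Junos lines; zone address books only."""
    findings, book, pols = [], {}, {}
    for raw in config.splitlines():
        line = re.sub(r"^\S+@\S+#\s*", "", raw.strip())  # drop the CLI prompt
        if line == "set system services telnet":
            findings.append("telnet: cleartext management service enabled")
        elif m := re.match(r"set snmp community (\S+) authorization read-write", line):
            findings.append(f"snmp: community {m[1]} is read-write")
        elif m := BOOK.match(line):
            book.setdefault(m[1], set()).add(m[2])
        elif m := POLICY.match(line):
            p = pols.setdefault(m.groups()[:3], {"source": [], "destination": [], "permit": False})
            if a := re.match(r"match (source|destination)-address (\S+)", m[4]):
                p[a[1]].append(a[2])
            p["permit"] |= m[4] == "then permit"
    for (src, dst, name), p in pols.items():
        for side, zone in (("source", src), ("destination", dst)):
            for addr in p[side]:
                if addr not in ANY and addr not in book.get(zone, set()):
                    findings.append(f"{src}->{dst} policy {name}: {addr} not in {zone} address book")
        if src == "untrust" and p["permit"] and "any" in p["source"]:
            findings.append(f"{src}->{dst} policy {name}: permits source any")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```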
6. NAT configuration
See: Juniper SRX550 Firewall NAT Configuration