温馨提示×

温馨提示×

您好,登录后才能下订单哦!

密码登录×
登录注册×
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》

JuniperSRX 基本初始配置步骤(Security Policy 2)

发布时间:2020-08-02 06:23:53 来源:网络 阅读:1084 作者:terence88 栏目:网络安全

1) 接口

set interfaces ge-0/0/0.0 family inet address x.x.x.x/24

set interfaces ge-0/0/1.0 family inet address x.x.x.x/24


#show interfaces

#run show int terse


2) 安全区域(中把接口加入到各安全区域)


set security zones security-zone Outside/Inside 或 untrust/trust interface ge-0/0/0.0


#show security zones


3) 安全策略-zone间策略(由内到外流量-全部permit;由外到内流量-全部deny)

set security policies from-zone Inside to-zone Outside policy [Policy-Name]Default-Permit

    match source-address any

    match destination-address any

    match application any

    then permit

 

4) 安全区域的(各个安全区域的)addressbook  

//针对match source-address\destination-address any

set security zones security-zone Outside address-book address [Address-Name]  x.x.x.x/32

set security zones security-zone Inside address-book address [Address-Name] x.x.x.x/32

 

5) 配置应用applications   application 或 applications application-set  

//针对 match application any

set application  [Application-Name]    //show applications

 

set applications apolication [TCP-3032] protocol tcp destination-port 3032 

set applications application-set [APP-SET1] application TCP-3032

 

show security flow session ?

_______________________________________________________________________________ 

6) count

edit security poicies from-zone Inside to-zone Outside policy Default-Permit

    set match source-address Inside-Network

    set match destination-address SP-Routers

    set match application any

    set then permit

    set then count

    set then log session-init session-close

 

set system syslog file [Traffic-Log] any(facility) any(level严重级别)

set system syslog file [Traffice-log] match "RT_FLOW_SESSION"

 

>show security policies policy-name [Default-Permit] detail

 

>show system syslog

>show log [Traffice-Log]

 

7) monitor

#set system syslog file Monitor-Traffic-Log any any

#set system syslog file Monitor-Traffic-Log match "10.1.1.1"

#show system syslog

>monitor start Monitor-Traffic-Log

>monitor stop

 

8) security flow traceoptions //Juniper的debug

9) Policy Schedulers //时间访问控制列表

10) Web-Authen

11) Pass-Through

 

向AI问一下细节

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

AI