Juniper SRX550防火墙之基本配置_程序开发

Juniper SRX550防火墙之基本配置

admin

2023-01-30 06:45:42

0次

一、管理配置

1.1 主机名

root@SRX550# set system host-name SRX550

1.2 设置时区

root@SRX550# set system time-zone Asia/Shanghai

1.3 开启远程服务

root@SRX550# set system services ssh
root@SRX550# set system services telnet

1.4 开启web管理并允许从0/0/1接口管理

root@SRX550# set system services web-management https system-generated-certificate
root@SRX550# set system services web-management https interface ge-0/0/1.0

1.5 配置SNMP读写团体字

root@SRX550# set snmp community xmcyy authorization read-write

二、用户配置

2.1 设置root密码,新设备第一步必须先设置root密码

root@SRX550#set system root-authentication plain-text-password

2.2 设置用户admin,权限超级级管理员

root@SRX550#set system login user admin uid 2000
root@SRX550#set system login user admin class super-user

三、接口配置

3.1 配置三层接口

root@SRX550# set interfaces ge-0/0/0 unit 0 family inet address 110.250.250.2/24
root@SRX550# set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24

3.2 将1口加入trust域

root@SRX550# set security zones security-zone trust interfaces ge-0/0/1.0

3.3 将0口加入untrust域

root@SRX550# set security zones security-zone untrust interfaces ge-0/0/0.0

四、路由配置

4.1 默认路由

root@SRX550# set routing-options static route 0.0.0.0/0 next-hop 110.250.250.1

4.2 静态路由

root@SRX550# set routing-options static route 172.16.0.0/24 next-hop 192.168.1.254

五、策略配置

5.1 创建端口组Service_1433及对应端口：

root@SRX550# set applications application Service_1433 term Service_1433 protocol tcp
root@SRX550# set applications application Service_1433 term Service_1433 source-port 0-65535
root@SRX550# set applications application Service_1433 term Service_1433 destination-port 1433-1433

5.2 创建应用组Service_allow，并将Service_1433加入到应用组：

root@SRX550# set applications application-set Service_allow application Service_1433

5.3 创建地址组

root@SRX550# set security zones security-zone trust address-book address 172.16.0.0/24 172.16.0.0/24
root@SRX550# set security zones security-zone trust address-book address 172.16.0.253/32 172.16.0.253/32

5.4 创建地址池neiwang_allow，并将允许访问外网的地址组加入进来

root@SRX550# set security zones security-zone trust address-book address-set neiwang_allow address 172.16.0.0/24

5.5 创建域间规则策略从trust到untrust

root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match source-address neiwang_allow
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match destination-address any
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 match application any
root@SRX550# set security policies from-zone trust to-zone untrust policy 1 then permit

5.6 创建域间规则策略从untrust到trust，允许访问内部172.16.0.253的1433端口

root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match source-address any
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match destination-address 172.16.0.253
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 match application Service_allow
root@SRX550# set security policies from-zone untrust to-zone trust policy 1 then permit

六、NAT配置

请参考：Juniper SRX550防火墙NAT配置

上一篇：各手机浏览器对HTML5 Device API的支持情况

下一篇：《sqlmap从入门到精通》已经正式出版