I. Basic operations:
1. Restore the device to factory defaults
root# load factory-default
root# set system root-authentication plain-text-password
root# commit
root> request system reboot
2. Basic configuration
2.1 Configure the host name
root# set system host-name SRX1400
2.2 Set the time zone
root@SRX1400# set system time-zone Asia/Shanghai
2.3 Set the time
root@SRX1400# run set date 201508011549.21
2.4 Set DNS
root@SRX1400# set system name-server 202.106.0.20
2.5 Set the interface IP
root@SRX1400# set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.10/24
2.6 Set the default route
root@SRX1400# set routing-options static route 0.0.0.0/0 next-hop 10.0.0.254
2.7 Create a login user
root@SRX1400# set system login user admin class super-user authentication plain-text-password
2.8 Create a security zone
root@SRX1400# set security zones security-zone untrust
2.9 Add the interface to the zone
root@SRX1400# set security zones security-zone untrust interfaces ge-0/0/0.0
2.10 Allow ICMP on the traffic interface
root@SRX1400# set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
Note: by default, traffic interfaces other than the management port do not answer ping; ICMP must be allowed explicitly.
II. Juniper SRX NAT
1. NAT types
1.1 Source NAT: interface
1.2 Source NAT: pool
1.3 Destination NAT
1.4 Static NAT
2. Configuration examples
2.1 Interface-based source NAT
root@SRX1400# set security nat source rule-set 1 from zone trust
root@SRX1400# set security nat source rule-set 1 to zone untrust
root@SRX1400# set security nat source rule-set 1 rule rule1 match source-address 0.0.0.0/0 destination-address 0.0.0.0/0
root@SRX1400# set security nat source rule-set 1 rule rule1 then source-nat interface
Default policy:
policy default-permit {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit;
    }
}
2.2 Pool-based source NAT
root@SRX1400# set security nat source pool isp address 10.0.0.20 to 10.0.0.30
root@SRX1400# set security nat source rule-set 1 from zone trust
root@SRX1400# set security nat source rule-set 1 to zone untrust
root@SRX1400# set security nat source rule-set 1 rule rule1 match source-address 0.0.0.0/0 destination-address 0.0.0.0/0
root@SRX1400# set security nat source rule-set 1 rule rule1 then source-nat pool isp
root@SRX1400# set security nat proxy-arp interface ge-0/0/0.0 address 10.0.0.20 to 10.0.0.30
2.3 Destination NAT configuration
root@SRX1400# set security nat destination pool dst-nat-pool-1 address 172.16.1.1/32
root@SRX1400# set security nat destination pool dst-nat-pool-1 address 172.16.1.1/32 port 80
root@SRX1400# set security nat destination rule-set rs1 from zone untrust
root@SRX1400# set security nat destination rule-set rs1 rule 1 match destination-address 10.0.0.100/32
root@SRX1400# set security nat proxy-arp interface ge-0/0/0.0 address 10.0.0.100/32
root@SRX1400# set security address-book global address web 172.16.1.1/32
root@SRX1400# set security nat destination rule-set rs1 rule 1 then destination-nat pool dst-nat-pool-1
root@SRX1400# set security policies from-zone untrust to-zone trust policy web match source-address any
root@SRX1400# set security policies from-zone untrust to-zone trust policy web match destination-address web application any
root@SRX1400# set security policies from-zone untrust to-zone trust policy web then permit
root@SRX1400# insert security policies from-zone untrust to-zone trust policy web before policy default-deny
2.4 Static NAT configuration
root@SRX1400# set security nat static rule-set rs1 from zone untrust
root@SRX1400# set security nat static rule-set rs1 rule r1 match destination-address 10.0.0.100/32
root@SRX1400# set security nat static rule-set rs1 rule r1 then static-nat prefix 172.16.1.1/32
root@SRX1400# set security nat proxy-arp interface ge-0/0/0.0 address 10.0.0.100/32
root@SRX1400# set security address-book global address web 172.16.1.1/32
root@SRX1400# set security policies from-zone untrust to-zone trust policy web match source-address any destination-address web application any
root@SRX1400# set security policies from-zone untrust to-zone trust policy web then permit
root@SRX1400# insert security policies from-zone untrust to-zone trust policy web before policy default-deny
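The "web" policy in 2.3 and 2.4 permits any application from untrust to the internal server, and the destination NAT rule in 2.3 translates every destination port. The following is an added example, not part of the original configuration, that narrows both. It assumes the server only needs HTTP on port 80 (as the pool port in 2.3 suggests); the logging and "commit confirmed" steps are additions as well.

```junos
# Added example. Enter in configuration mode (prompts omitted).
# Assumption: the published server 172.16.1.1 only serves HTTP on port 80.

# Before (2.3 / 2.4): any source and any application may reach "web".
#   set security policies from-zone untrust to-zone trust policy web match source-address any destination-address web application any

# After: permit only the predefined HTTP application (TCP/80).
delete security policies from-zone untrust to-zone trust policy web match application any
set security policies from-zone untrust to-zone trust policy web match application junos-http

# Record session start and end for traffic admitted by this policy.
set security policies from-zone untrust to-zone trust policy web then log session-init
set security policies from-zone untrust to-zone trust policy web then log session-close

# Destination NAT (2.3) only: translate just port 80 arriving at 10.0.0.100,
# instead of mapping every destination port to 172.16.1.1:80.
# Skip this line if only the static NAT from 2.4 is configured.
set security nat destination rule-set rs1 rule 1 match destination-port 80

# Validate the candidate, then commit with automatic rollback after
# 5 minutes unless a second commit confirms it.
commit check
commit confirmed 5

# Verify the policy, the NAT rule and live sessions to the server.
run show security policies policy-name web detail
run show security nat destination rule all
run show security flow session destination-prefix 172.16.1.1

# Confirm once access has been verified.
commit
```

With static NAT (2.4) every port is translated one-to-one, so the security policy is the only control limiting which services on 172.16.1.1 are reachable from untrust.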