SRX firewall login
Connect to the SRX through the console port and log in as root; the default password is empty.
login: root
Password:
--- JUNOS 15.1X49-D90.7 built 2017-04-29 06:16:43 UTC
root@srx%
root@srx% cli                 / enter operational mode
root@srx>
root@srx> configure           / enter configuration mode
Entering configuration mode [edit]
root@srx#

Configuring the root password
root# set system root-authentication plain-text-password 
New password:
Retype new password:
* By default the password is displayed in encrypted form
root# show system root-authentication
encrypted-password "$1$xavDeUe6$fNMeolGU.8.M7B939d6."; ## SECRET-DATA

Configuring a remote management account and password
root# set system login user testusername class super-user authentication plain-text-password
New password:
Retype new password:
The account is testusername, with super-user privileges.

Setting the administrator session time-out on the SRX550
root# set system login idle-timeout <idle-timeout> (1-60 minutes)
 
Restricting administrator logins on the SRX550 to specific IPs
root# set policy-options prefix-list manager-ip x.x.x.x/x

System time settings
root# run set date YYYYMMDDhhmm.ss    / set the time manually
root# set system ntp server x.x.x.x  / NTP setting

Other basic settings
root# set system host-name srx         / device name
root# set system domain-name x.x.x.    / domain name setting
root# set system name-server x.x.x.x   / DNS setting
root# set system services ssh          / enable SSH remote management
root# set system services web-management https / enable HTTPS remote management

Interface IP settings
root# set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24
root# set interfaces ge-0/0/1 unit 0 family inet address 10.1.2.1/24
root# set routing-options static route 0.0.0.0/0 next-hop 192.168.1.1

Interface zone settings
root# set security zones security-zone untrust interfaces ge-0/0/0

Zone remote service settings
root# set security zones security-zone untrust host-inbound-traffic system-services ping
root# set security zones security-zone untrust host-inbound-traffic system-services http
root# set security zones security-zone trust interfaces ge-0/0/1 host-inbound-traffic system-services ssh

IP address object settings
root# set security zones security-zone trust address-book address testserver 192.168.2.90/32
root# set security zones security-zone untrust address-book address testhost 60.168.2.33/32

Application service object settings
root# set applications application tcp-3389 protocol tcp        / define the service protocol <TCP\UDP\ICMP\OTHER>
root# set applications application tcp-3389 source-port 1-65535 / define the service source port
root# set applications application tcp-3389 destination-port 3389-3389 / define the destination service port
root# set applications application tcp-3389 inactivity-timeout never   / define the timeout

Scheduler settings
root# set schedulers scheduler work-time daily start-time 09:00:00 stop-time 18:00:00

Policy configuration
root# set security policies from-zone trust to-zone untrust policy test01 match source-address testserver
root# set security policies from-zone trust to-zone untrust policy test01 match destination-address testhost
root# set security policies from-zone trust to-zone untrust policy test01 match application tcp-3389
root# set security policies from-zone trust to-zone untrust policy test01 then permit
root# set security policies from-zone trust to-zone untrust policy test01 then log session-init
root# set security policies from-zone trust to-zone untrust policy test01 then log session-close

NAT configuration
root# set security nat source rule-set testnat01 from zone trust
root# set security nat source rule-set testnat01 to zone untrust
root# set security nat source rule-set testnat01 rule rule1 match source-address 0.0.0.0/0 
root# set security nat source rule-set testnat01 rule rule1 match destination-address 0.0.0.0/0
root# set security nat source rule-set testnat01 rule rule1 then source-nat interface

Viewing the full configuration
root# show | display set
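
An added example (not part of the original post): a Python check over `show | display set` output for two mistakes that are easy to make with the commands above, namely a policy that matches an address name missing from the zone's address book, and a prefix-list such as manager-ip that nothing references (a prefix-list alone restricts no logins until a firewall filter or policy uses it). The sample configuration and its 192.0.2.0/24 prefix are constructed, and only zone-attached address books are assumed.

```python
import re

# Constructed sample of `show | display set` output (not from a real device).
SAMPLE = """\
set policy-options prefix-list manager-ip 192.0.2.0/24
set security zones security-zone trust address-book address testserver 192.168.2.90/32
set security zones security-zone untrust address-book address testhost 60.168.2.33/32
set security policies from-zone trust to-zone untrust policy test01 match source-address testserver-1
set security policies from-zone trust to-zone untrust policy test01 match destination-address testhost
set security policies from-zone trust to-zone untrust policy test01 match application tcp-3389
set security policies from-zone trust to-zone untrust policy test01 then permit
"""

BUILTIN = {"any", "any-ipv4", "any-ipv6"}  # names Junos predefines for policies
# Assumption: zone-attached address books as on this page; a global
# address-book is not handled.
BOOK = re.compile(r"set security zones security-zone (\S+) address-book (?:address|address-set) (\S+)")
MATCH = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
                   r"match (source|destination)-address (\S+)")
PL_DEF = re.compile(r"set policy-options prefix-list (\S+)")
PL_REF = re.compile(r"(?:source-|destination-)?prefix-list(?:-filter)? (\S+)")


def audit(config: str) -> list[str]:
    """Return findings for dangling address names and unused prefix-lists."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip().startswith("set ")]
    books, defined, referenced, findings = {}, set(), set(), []
    for line in lines:
        if m := BOOK.match(line):
            books.setdefault(m[1], set()).add(m[2])
        if m := PL_DEF.match(line):
            defined.add(m[1])
        elif m := PL_REF.search(line):
            referenced.add(m[1])
    for line in lines:
        if m := MATCH.match(line):
            src_zone, dst_zone, policy, side, name = m.groups()
            zone = src_zone if side == "source" else dst_zone
            if name not in BUILTIN and name not in books.get(zone, set()):
                findings.append(f"policy {policy}: {side}-address {name} not in zone {zone} address book")
    for name in sorted(defined - referenced):
        findings.append(f"prefix-list {name} is defined but never referenced")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```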

    Posted by 鵝 on PIXNET