juniper防火墙基本安全策略

《juniper防火墙基本安全策略》由会员上传分享，免费在线阅读，更多相关内容在教育资源-天天文库。

1、Juniper防火墙安全策略ITman论坛http://www.itman1024.comSecurityZonesandPoliciesInter-ZonetrafficmustbecheckedbypolicyIntra-ZonetrafficmaybecheckedbypolicyExternalZonePrivateZone1.1.70.2501.1.70.0/2410.1.10.510.1.20.0/24B10.1.10.0/24PublicZone10.1.20.5.254200.5.5.5ABCD10.1.1.0/24

2、10.1.2.0/24.1.254.1.2541.1.7.0/241.1.8.0/24.254.1SrcIPDestIPProtocolSrcPortDstPortData10.1.10.51.1.70.250063603380#$%&PolicyComponentsSource&DestinationAddressBookAddressGroupServicePre-definedServiceCustomServiceCustomServiceGroupActionPermitDenyTunnelOptionsCoveredi

3、nnextchapterPolicyConfigurationProcedureCreateAddressBookentriesforeachzoneDefineanycustomservicesneededforyournetworkCreatepolicyentriesSortpolicysetforproperorderingStep1:AddressBookEntriesExternalZonePrivateZone1.1.70.2501.1.70.0/2410.1.10.510.1.20.0/24B10.1.10.0/24

4、PublicZone10.1.20.5.254200.5.5.5ABCD10.1.1.0/2410.1.2.0/24.1.254.1.2541.1.7.0/241.1.8.0/24.254.1E1–10.1.1.1E2–10.1.2.1E7–1.1.7.1E8–1.1.8.1AddressBook-WebUIEntriesdisplayedbasedonzoneUsealphabetbuttonstofilterdisplaywhenlargenumbersofaddressesareconfiguredClickon“New”bu

5、ttontoaddanentryObjects>Addresses>ListNewAddressEntryAddressnameisusedinaddresslistandpolicylistMakethenamemeaningfultoyournetwork!CommentisyouropportunityforembeddeddocumentationChoiceofaddress/maskordomainnameDomainnamerequiresDNSconfigurationObjects>Addresses>List(N

6、ew)AddressBook–CLIsetaddress/ns208->setaddressPrivatePrivatePC10.1.10.5/32setaddressns208->setYahooyahoo.comns208->getaddressaddrzonenamePrivatePrivateAddresses:NameAddressNetmaskFlag

7、CommentsAny0.0.0.00.0.0.002AllAddrDial-UpVPN255.255.255.255255.255.255.25502Dial-UpVPNAddrPrivatePC10.1.10.5255.255.255.25500IPAddressViewingtheaddressbookDomainnameStep2:ServicesAddressbookentriesdefinewheretrafficcanflowfromandtoServiceentriesdefinethetypeoftrafficPr

8、otocolandportnumbersPredefinedServicesgetservicepre-definedObjects>Services>PredefinedCreatingaCustomServicesetservic