Junos Policy Configuration Examples (Juniper)

Checking Policies

Operation                   Command
show zones                  > show security zones
                            # run show security zones
show policies               > show security policies
                            > show configuration security policies | display set
                            # show | display set | no-more | match policy
                            # run show security policies
                            # run show security policies from-zone ZONE to-zone ZONE
show default applications   # show groups junos-defaults applications | match XXXX

Creating a Security Zone

root> configure
root# set security zones security-zone Trust interfaces reth0.0
root# set security zones security-zone Untrust interfaces reth1.0
root# show | compare
root# commit check
root# commit

Adding a Policy

Create an address book and attach it to a zone (either directly in the zone, or as a global address book attached to the zone):

# set security zones security-zone TRUST address-book address NW1 192.168.10.0/24
or
# set security address-book TRUST-NW address NW1 192.168.10.0/24
# set security address-book TRUST-NW attach zone TRUST

Address entries can be grouped into an address-set for use in policies:

# set security zones security-zone untrust address-book address test-01 xx.xx.xx.xx/32
# set security zones security-zone untrust address-book address test-02 xx.xx.xx.xx/32
# set security zones security-zone untrust address-book address-set test address test-01
# set security zones security-zone untrust address-book address-set test address test-02

Creating an Application

# set applications application test9999 protocol tcp
# set applications application test9999 source-port 0-65535
# set applications application test9999 destination-port 9999

Creating a Policy

# set security zones security-zone DMZ address-book address test-server1 100.100.100.11/32

# set security policies from-zone untrust to-zone DMZ policy 030102013 match source-address any
# set security policies from-zone untrust to-zone DMZ policy 030102013 match destination-address test-server1
# set security policies from-zone untrust to-zone DMZ policy 030102013 match application junos-http junos-https
# set security policies from-zone untrust to-zone DMZ policy 030102013 then permit
# set security policies from-zone untrust to-zone DMZ policy 030102013 then log session-init
# edit security policies from-zone UNTRUST to-zone TRUST
# set policy UNTRUST2TRUST match source-address any
# set policy UNTRUST2TRUST match destination-address NW1
# set policy UNTRUST2TRUST match application junos-https junos-http
# set policy UNTRUST2TRUST then permit
# set policy UNTRUST2TRUST then count
# show
# edit security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST
# set match source-address any
# set match destination-address NW1
# set match application junos-https junos-http
# set then permit
# set then count
# show

Changing Policy Order

# edit security policies from-zone untrust to-zone DMZ
# insert policy 10 before policy 6

Updating a Policy

add smtp
# set security policies from-zone untrust to-zone DMZ policy 030102013 match application junos-smtp

remove https
# delete security policies from-zone untrust to-zone DMZ policy 030102013 match application junos-https

Deleting a Policy

# delete security policies from-zone untrust to-zone DMZ policy 030102013

Activating and Deactivating a Policy

# edit security policies from-zone untrust to-zone DMZ
# deactivate policy 10
# commit
# activate policy 10
# commit
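The "show configuration security policies | display set" output from the checking section can be reviewed offline before committing order changes. The script below is an added example and is not part of the original post: it parses set-format policy lines into an ordered table, flags permit rules that match any/any/any, permit rules without session logging, and later policies that are completely shadowed by an earlier one (the problem the "insert policy ... before policy ..." command exists to fix), and it models that reordering so the effect can be checked. The input is a constructed dump based on the post's own commands; the policy names allow-all and deny-web are made up for the example.

```python
"""Audit Junos security policies from `show configuration security policies | display set` text.

Added example (not from the original post). Finding codes:
  ANY_ANY_PERMIT   permit with source any, destination any, application any
  PERMIT_NO_LOG    permit without `then log session-init` / `session-close`
  SHADOWED_BY:<p>  every flow this policy could match is already matched by earlier policy <p>
"""
import re
from collections import OrderedDict

# Constructed sample dump modelled on the post's commands (not output from a real device).
SAMPLE = """\
set security policies from-zone untrust to-zone DMZ policy 030102013 match source-address any
set security policies from-zone untrust to-zone DMZ policy 030102013 match destination-address test-server1
set security policies from-zone untrust to-zone DMZ policy 030102013 match application junos-http
set security policies from-zone untrust to-zone DMZ policy 030102013 match application junos-https
set security policies from-zone untrust to-zone DMZ policy 030102013 then permit
set security policies from-zone untrust to-zone DMZ policy 030102013 then log session-init
set security policies from-zone untrust to-zone DMZ policy allow-all match source-address any
set security policies from-zone untrust to-zone DMZ policy allow-all match destination-address any
set security policies from-zone untrust to-zone DMZ policy allow-all match application any
set security policies from-zone untrust to-zone DMZ policy allow-all then permit
set security policies from-zone untrust to-zone DMZ policy deny-web match source-address any
set security policies from-zone untrust to-zone DMZ policy deny-web match destination-address test-server1
set security policies from-zone untrust to-zone DMZ policy deny-web match application junos-http
set security policies from-zone untrust to-zone DMZ policy deny-web then deny
"""

POLICY_RE = re.compile(
    r"^set security policies from-zone (?P<from>\S+) to-zone (?P<to>\S+) "
    r"policy (?P<name>\S+) (?P<stanza>match|then) (?P<rest>.+)$"
)
MATCH_FIELDS = ("source-address", "destination-address", "application")


def new_policy():
    return {"source-address": set(), "destination-address": set(),
            "application": set(), "action": None, "log": set(), "count": False}


def parse(display_set_text):
    """Return {(from_zone, to_zone): OrderedDict(name -> policy)} in configuration order."""
    contexts = OrderedDict()
    for line in display_set_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue  # zones, address books and other non-policy lines are ignored
        ctx = contexts.setdefault((m["from"], m["to"]), OrderedDict())
        pol = ctx.setdefault(m["name"], new_policy())
        words = m["rest"].split()
        if m["stanza"] == "match":
            # display set emits one line per value, so accumulate into a set
            pol.setdefault(words[0], set()).update(words[1:])
        elif words[0] in ("permit", "deny", "reject"):
            pol["action"] = words[0]
        elif words[0] == "log":
            pol["log"].update(words[1:])  # session-init / session-close
        elif words[0] == "count":
            pol["count"] = True
    return contexts


def covers(earlier, later):
    """True when every flow `later` could match is already matched by `earlier`."""
    for field in MATCH_FIELDS:
        if "any" in earlier[field]:
            continue
        if not later[field] or not later[field] <= earlier[field]:
            return False
    return True


def audit(contexts):
    """Return (from_zone, to_zone, policy, finding) tuples in policy order."""
    findings = []
    for (fz, tz), policies in contexts.items():
        seen = []
        for name, pol in policies.items():
            if pol["action"] == "permit":
                if all("any" in pol[f] for f in MATCH_FIELDS):
                    findings.append((fz, tz, name, "ANY_ANY_PERMIT"))
                if not pol["log"]:
                    findings.append((fz, tz, name, "PERMIT_NO_LOG"))
            for prev_name, prev in seen:  # first-match semantics: earlier policy wins
                if covers(prev, pol):
                    findings.append((fz, tz, name, "SHADOWED_BY:" + prev_name))
                    break
            seen.append((name, pol))
    return findings


def insert_before(contexts, from_zone, to_zone, name, before):
    """Model `insert policy <name> before policy <before>`; returns a reordered copy."""
    policies = contexts[(from_zone, to_zone)]
    if name not in policies or before not in policies:
        raise KeyError("both policies must exist in the from-zone/to-zone context")
    reordered = OrderedDict()
    for key, pol in policies.items():
        if key == name:
            continue
        if key == before:
            reordered[name] = policies[name]
        reordered[key] = pol
    new = OrderedDict(contexts)
    new[(from_zone, to_zone)] = reordered
    return new


if __name__ == "__main__":
    ctx = parse(SAMPLE)
    for f in audit(ctx):
        print("%s -> %s policy %s: %s" % f)
    # deny-web is shadowed by 030102013; moving it first removes the shadow
    for f in audit(insert_before(ctx, "untrust", "DMZ", "deny-web", "030102013")):
        print("after insert: %s -> %s policy %s: %s" % f)
```

The shadow check treats "any" as a wildcard and otherwise requires the later policy's addresses and applications to be a subset of the earlier policy's; it does not expand address-sets or prefixes, so a review on a real dump should still resolve those by hand (or from the address-book lines) before deciding a policy is dead.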
