Policy Checks

| Operation | Command |
|---|---|
| show zone | > show security zones |
| show zone | # run show security zones |
| show policy | > show security policies |
| show policy | > show configuration security policies \| display set |
| show policy | # show \| display set \| no-more \| match policy |
| show policy | # run show security policies |
| show policy | # run show security policies from-zone ZONE to-zone ZONE |
| show default application | # show groups junos-defaults applications \| hold XXXX |

(`>` is the operational-mode prompt, `#` the configuration-mode prompt; `run` executes an operational command from configuration mode.)
Creating a Security Zone

root> configure
root# set security zones security-zone Trust interfaces reth0.0
root# set security zones security-zone Untrust interfaces reth1.0
root# show | compare
root# commit check
root# commit
Adding a Policy

Create an address book and attach it to a zone. Either define the address directly under the zone:

# set security zones security-zone TRUST address-book address NW1 192.168.10.0/24

or define a global address book and attach it to the zone:

# set security address-book TRUST-NW address NW1 192.168.10.0/24
# set security address-book TRUST-NW attach zone TRUST

Note that Junos does not allow zone-attached address books and global address books to be configured at the same time; pick one model per device.

Address sets group several addresses under one name that policies can reference (xx.xx.xx.xx are placeholders):

set security zones security-zone untrust address-book address test-01 xx.xx.xx.xx/32
set security zones security-zone untrust address-book address test-02 xx.xx.xx.xx/32
set security zones security-zone untrust address-book address-set test address test-01
set security zones security-zone untrust address-book address-set test address test-02
Creating an Application

# set applications application test9999 protocol tcp
# set applications application test9999 source-port 0-65535
# set applications application test9999 destination-port 9999
Creating a Policy

# set security zones security-zone DMZ address-book address test-server1 100.100.100.11/32
# set security policies from-zone untrust to-zone DMZ policy 030102013 match source-address any
# set security policies from-zone untrust to-zone DMZ policy 030102013 match destination-address test-server1
# set security policies from-zone untrust to-zone DMZ policy 030102013 match application junos-http junos-https
# set security policies from-zone untrust to-zone DMZ policy 030102013 then permit
# set security policies from-zone untrust to-zone DMZ policy 030102013 then log session-init

The same policy can be entered from the zone-pair edit level:

# edit security policies from-zone UNTRUST to-zone TRUST
# set policy UNTRUST2TRUST match source-address any
# set policy UNTRUST2TRUST match destination-address NW1
# set policy UNTRUST2TRUST match application junos-https junos-http
# set policy UNTRUST2TRUST then permit
# set policy UNTRUST2TRUST then count
# show

or from the policy's own edit level:

# edit security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST
# set match source-address any
# set match destination-address NW1
# set match application junos-https junos-http
# set then permit
# set then count
# show
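As an added example that is not part of the original page, the script below parses `set security policies ...` lines of the form shown above (the `display set` output you would get from `show configuration security policies | display set`) and audits the resulting policies for weak settings: permits with `any` source and `any` destination, permits of application `any`, and permits that do not log. The sample input is constructed from the page's own policies plus one hypothetical `wide-open` policy; the audit rules are this example's own assumptions, not a Juniper feature.

```python
"""Parse Junos SRX 'set security policies' lines and flag risky permit policies.

Added example, not code from the original page. Only the 'set security policies
... match|then ...' line shape shown on the page is handled; the audit rules
below are this example's own assumptions.
"""
import re
from collections import defaultdict

# Constructed sample input: the page's two policies plus a hypothetical
# 'wide-open' policy that should trip every audit rule.
SAMPLE = """
set security policies from-zone untrust to-zone DMZ policy 030102013 match source-address any
set security policies from-zone untrust to-zone DMZ policy 030102013 match destination-address test-server1
set security policies from-zone untrust to-zone DMZ policy 030102013 match application junos-http junos-https
set security policies from-zone untrust to-zone DMZ policy 030102013 then permit
set security policies from-zone untrust to-zone DMZ policy 030102013 then log session-init
set security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST match source-address any
set security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST match destination-address NW1
set security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST match application junos-https junos-http
set security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST then permit
set security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST then count
set security policies from-zone untrust to-zone DMZ policy wide-open match source-address any
set security policies from-zone untrust to-zone DMZ policy wide-open match destination-address any
set security policies from-zone untrust to-zone DMZ policy wide-open match application any
set security policies from-zone untrust to-zone DMZ policy wide-open then permit
"""

# from-zone, to-zone, policy name, 'match' or 'then', first keyword, remainder
POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"(match|then) (\S+)(.*)$"
)


def parse_policies(text):
    """Return {(from_zone, to_zone, name): {field: [values]}}.

    'match' keywords (source-address, destination-address, application)
    become lists of values; every 'then' action is collected under 'then'
    as a single string such as 'permit' or 'log session-init'.
    """
    policies = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue  # not a policy line (comments, other hierarchies)
        fz, tz, name, section, key, rest = m.groups()
        pol = policies[(fz, tz, name)]
        if section == "match":
            pol[key].extend(rest.split())
        else:
            pol["then"].append((key + rest).strip())
    return policies


def audit(policies):
    """Return [(label, finding)] for permit policies with weak settings."""
    findings = []
    for (fz, tz, name), pol in sorted(policies.items()):
        label = f"{fz}->{tz}/{name}"
        actions = pol["then"]
        if not any(a.split()[0] == "permit" for a in actions):
            continue  # only permits widen exposure
        if "any" in pol["source-address"] and "any" in pol["destination-address"]:
            findings.append((label, "permits any source to any destination"))
        if "any" in pol["application"]:
            findings.append((label, "permits any application"))
        if not any(a.startswith("log") for a in actions):
            findings.append((label, "permit without log"))
    return findings


if __name__ == "__main__":
    for label, finding in audit(parse_policies(SAMPLE)):
        print(f"{label}: {finding}")
```

Run it against `show configuration security policies | display set` output saved to a file and the audit lists which permits need tightening or a `then log session-init`; policy 030102013 passes because it logs and restricts the destination, while UNTRUST2TRUST is flagged only for the missing log action.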
Changing Policy Order

Policies are evaluated top to bottom, so order matters; `insert` moves an existing policy:

# edit security policies from-zone untrust to-zone DMZ
# insert policy 10 before policy 6
Updating a Policy

Add SMTP:

# set security policies from-zone untrust to-zone DMZ policy 03102013 match application junos-smtp

Remove HTTPS:

# delete security policies from-zone untrust to-zone DMZ policy 03102013 match application junos-https
Deleting a Policy

# delete security policies from-zone untrust to-zone DMZ policy 03102013
Deactivating and Activating a Policy

A deactivated policy stays in the configuration (shown as `inactive:`) but is not evaluated; the commands are `deactivate` and `activate`:

# edit security policies from-zone untrust to-zone DMZ
# deactivate policy 10
# activate policy 10