Thursday, July 5, 2012

Juniper SRX-100

Default account: root    Password: (empty)    IP: 192.168.1.1

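Password recovery:

1. Power on with the front power button, then quickly press the space bar and enter => bootd

2. After entering it, press the space bar again and enter Loader > boot -s

3. When you see the prompt for /bin/sh, enter recovery

4. Once in the system, delete the root password: root# delete system root-authentication

5. Set a new password: root# set system root-authentication plain-text-password   , then commit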


Configure IP addresses:
#set interfaces vlan unit 0 family inet address 192.168.0.1/24

#set interfaces fe-0/0/0 unit 0 family inet address 192.168.1.1/24

#set interfaces fe-0/0/1 unit 0 family inet address 192.168.0.254/24

** Before configuring fe-0/0/1, delete its existing family first **
#delete interfaces fe-0/0/1 unit 0 family


Static route:

#set routing-options static route 0.0.0.0/0 next-hop 192.168.0.254


Remove the unused DHCP service:
#delete system services dhcp


Firewall (four lines per policy) (any-to-any used as the example)

Set the source IP for trust to untrust: ANY
#set security policies from-zone trust to-zone untrust policy truse-to-untrust match source-address any

Set the destination IP for trust to untrust: ANY
#set security policies from-zone trust to-zone untrust policy truse-to-untrust match destination-address any

Set the protocol (application) for trust to untrust: ANY (e.g. ping, https, ssh)
#set security policies from-zone trust to-zone untrust policy truse-to-untrust match application any

Set the action for this policy to permit (allow)
#set security policies from-zone trust to-zone untrust policy truse-to-untrust then permit



Set the source IP for untrust to trust: ANY
#set security policies from-zone untrust to-zone trust policy truse-to-untrust match source-address any

Set the destination IP for untrust to trust: ANY
#set security policies from-zone untrust to-zone trust policy truse-to-untrust match destination-address any

Set the protocol (application) for untrust to trust: ANY (e.g. ping, https, ssh)
#set security policies from-zone untrust to-zone trust policy truse-to-untrust match application any

Set the action for this policy to permit (allow)
#set security policies from-zone untrust to-zone trust policy truse-to-untrust then permit


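Enable ping on the WAN interface (the two lines after it also allow HTTPS and HTTP to the device itself on that interface)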
#set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ping

#set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services https

#set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services http
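
An added example (not part of the original post): a small Python check that reads Junos `set` lines like the ones above, one statement per line, and reports policies that permit any source, destination and application, as well as management services allowed on the untrust zone. The function name `audit`, the finding labels and the set of services treated as management are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: the policy and host-inbound lines from this page, with its "#" prompt.
SAMPLE = """\
#set security policies from-zone trust to-zone untrust policy truse-to-untrust match source-address any
#set security policies from-zone trust to-zone untrust policy truse-to-untrust match destination-address any
#set security policies from-zone trust to-zone untrust policy truse-to-untrust match application any
#set security policies from-zone trust to-zone untrust policy truse-to-untrust then permit
#set security policies from-zone untrust to-zone trust policy truse-to-untrust match source-address any
#set security policies from-zone untrust to-zone trust policy truse-to-untrust match destination-address any
#set security policies from-zone untrust to-zone trust policy truse-to-untrust match application any
#set security policies from-zone untrust to-zone trust policy truse-to-untrust then permit
#set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ping
#set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services https
#set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services http
"""

POLICY = re.compile(
    r"^#?\s*set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"(?:match (source-address|destination-address|application) (\S+)|then (permit|deny|reject))")
INBOUND = re.compile(
    r"^#?\s*set security zones security-zone (\S+) interfaces (\S+) "
    r"host-inbound-traffic system-services (\S+)")
MGMT = {"http", "https", "ssh", "telnet", "all"}  # assumption: services treated as management

def audit(config, untrusted=("untrust",)):
    # Collect match terms and action per (from-zone, to-zone, policy name).
    policies = defaultdict(lambda: defaultdict(set))
    findings = []
    for line in config.splitlines():
        m = POLICY.match(line.strip())
        if m:
            frm, to, name, field, value, action = m.groups()
            policies[(frm, to, name)][field or "action"].add(value or action)
            continue
        m = INBOUND.match(line.strip())
        if m and m.group(1) in untrusted and m.group(3) in MGMT:
            findings.append(("mgmt-exposed", m.group(1), m.group(2), m.group(3)))
    for (frm, to, name), p in policies.items():
        wide_open = all(p[f] == {"any"} for f in
                        ("source-address", "destination-address", "application"))
        if wide_open and "permit" in p["action"]:
            kind = "inbound-any-any" if frm in untrusted else "any-any"
            findings.append((kind, frm, to, name))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The untrust-to-trust policy is reported as `inbound-any-any` and the HTTP/HTTPS host-inbound lines as `mgmt-exposed`; ping is not flagged.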
