Juniper Firewall - ISG-1000、SSG-550

 指令

 get config | include 3389          //顯示設定，並只顯示有關鍵字 "3389" 的設定

 Juniper-6350

set routing-options static route 192.168.5.74/32 discard          //封鎖此 IP

Juniper-ISG1000

set interface "Inter1" mip 10.10.10.50 host 192.168.10.100 netmask 255.255.255.255 vr "trust-vr"          //設定內部 IP 轉址

set address "Untrust" "_1.1.1.15/32" 1.1.1.15 255.255.255.255 "測試用"          //設定外部要連進來的 IP

set service "TCP_80&443" protocol tcp src-port 0-65535 dst-port 80-80          //設定 port

set service "TCP_80&443" + tcp src-port 0-65535 dst-port 443-443          //在同樣名字裡附加其他 port

set policy id  from "Untrust" to "Trust"  "_1.1.1.15/32" "MIP(61.60.127.179)" "TCP_80&443" permit log          //設定 police 允許從外部 IP 連線並經由 MIP 轉址進到內部 Server

Ins5 SSG-550 新增IP

set address "Untrust" "_192.168.5.58/32" 192.168.5.58 255.255.255.255

WAF 網路應用程式防火牆

WAF 網路應用程式防火牆

http://www.amxecure.com/index.php/zh/securecontrol/476-securespherewaf

http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=7276

http://www.techbang.com/posts/1826-waf-web-host-bridge-is-falling-down

作個記錄