码迷,mamicode.com
首页 > 其他好文 > 详细

SRX 透明模式配置

时间:2018-02-07 17:09:09      阅读:187      评论:0      收藏:0      [点我收藏+]

标签:dom   manage   add   access   模式   out   ems   traffic   配置   

注意,这个是12.1 和12.3 版本或是之前的基本配置案例,15.1或之后的配置有细微区别,有需要可以找找KB或是官方文档。
set bridge-domains bd1 domain-type bridge vlan-id 10
set interface irb unit 0 family inet address 10.1.1.1/24 web-authentication http
set bridge-domains bd1 routing-interface irb.0
set routing-options static route 0.0.0.0/0 next-hop 10.1.1.254
set systemservices web-management http
set interfaces ge-0/0/0 unit 0 family bridge interface-mode access
set interfaces ge-0/0/0 unit 0 family bridge vlan-id 10
set interfaces ge-0/0/1 unit 0 family bridge interface-mode access
set interfaces ge-0/0/1 unit 0 family bridge vlan-id 10
set security zones security-zone l2-trust interfaces ge-0/0/0.0 host-inbound-traffic systemservices all
set security zones security-zone l2-untrust interfaces ge-0/0/1.0 host-inbound-traffic systemservices ftp
set security zones security-zone l2-untrust interfaces ge-0/0/1.0 host-inbound-traffic systemservices ping
set security zones security-zone l2-untrust interfaces ge-0/0/1.0 host-inbound-traffic systemservices http
set security zones security-zone l2-untrust interfaces ge-0/0/1.0 host-inbound-traffic systemservices https
set security zones security-zone l2-untrust interfaces ge-0/0/1.0 host-inbound-traffic systemservices ssh
set security policies from-zone l2-trust to-zone l2-untrust policy p1 match source-address 10.1.1.1/24
set security policies from-zone l2-trust to-zone l2-untrust policy p1 match destination-address 20.1.1.1/32
set security policies from-zone l2-trust to-zone l2-untrust policy p1 match application http
set security policies from-zone l2-trust to-zone l2-untrust policy p1 then permit

set security policies from-zone l2-trust to-zone l2-untrust policy p2 match source-address 10.1.1.1/24
set security policies from-zone l2-trust to-zone l2-untrust policy p2 match destination-address 20.1.1.1/32
set security policies from-zone l2-trust to-zone l2-untrust policy p2 match application ping
set security policies from-zone l2-trust to-zone l2-untrust policy p2 then permit

set security policies from-zone l2-trust to-zone l2-untrust policy p3 match source-address 10.1.1.1/24
set security policies from-zone l2-trust to-zone l2-untrust policy p3 match destination-address 20.1.1.1/32
set security policies from-zone l2-trust to-zone l2-untrust policy p3 match application ssh
set security policies from-zone l2-trust to-zone l2-untrust policy p3 then permit

SRX 透明模式配置

标签:dom   manage   add   access   模式   out   ems   traffic   配置   

原文地址:http://blog.51cto.com/10242469/2069907
(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
分享档案
更多>
2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)
周排行
mamicode.com排行更多图片
更多
友情链接
兰亭集智   国之画   百度统计   站长统计   阿里云   chrome插件   新版天听网
关于我们 - 联系我们 - 留言反馈
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!