juniperSRX透明模式配置

更新时间：2023-12-01 20:30:01 阅读量：教育文库文档下载

说明：文章内容仅供预览，部分内容可能不全。下载后的文档，内容与下面显示的完全一致。下载之前请确认下面内容是否您想要的，是否完整无缺。

juniperSrx345 防攻击推荐度：
相关推荐

root@lz# commit

warning: Interfaces are changed from route mode to transparent mode. Please reboot the device or all nodes in the HA cluster! commit complete

root# run show configuration | display set set version 11.1R3.5

set system root-authentication encrypted-password \set system name-server 208.67.222.222 set system name-server 208.67.220.220 set system services ssh set system services telnet

set system services xnm-clear-text

set system services web-management http interface vlan.0 set system services web-management http interface irb.0

set system services web-management https system-generated-certificate set system services web-management https interface vlan.0 set system services dhcp propagate-settings ge-0/0/0.0 set system syslog archive size 100k set system syslog archive files 3

set system syslog user * any emergency set system syslog file messages any critical

set system syslog file messages authorization info

set system syslog file interactive-commands interactive-commands error set system max-configurations-on-flash 5 set system max-configuration-rollbacks 5

set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set interfaces ge-0/0/0 unit 0 family bridge interface-mode access set interfaces ge-0/0/0 unit 0 family bridge vlan-id 10

set interfaces ge-0/0/1 unit 0 family bridge interface-mode access set interfaces ge-0/0/1 unit 0 family bridge vlan-id 10

set interfaces ge-0/0/2 unit 0 family bridge interface-mode access set interfaces ge-0/0/2 unit 0 family bridge vlan-id 10

set interfaces ge-0/0/3 unit 0 family bridge interface-mode access set interfaces ge-0/0/3 unit 0 family bridge vlan-id 10

set interfaces ge-0/0/4 unit 0 family bridge interface-mode access set interfaces ge-0/0/4 unit 0 family bridge vlan-id 10

set interfaces irb unit 0 family inet address 192.168.201.206/24 set interfaces vlan unit 0

set routing-options static route 0.0.0.0/0 next-hop 192.168.201.251 set protocols stp

set security screen ids-option untrust-screen icmp ping-death

set security screen ids-option untrust-screen ip source-route-option

set security screen ids-option untrust-screen ip tear-drop

set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200 set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048 set security screen ids-option untrust-screen tcp syn-flood timeout 20 set security screen ids-option untrust-screen tcp land

set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any

set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any

set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit

set security policies from-zone trust to-zone untrust policy trust-to-untrust then log session-init set security policies from-zone trust to-zone untrust policy trust-to-untrust then log session-close set security policies from-zone trust to-zone untrust policy trust-to-untrust then count set security zones security-zone trust host-inbound-traffic system-services all set security zones security-zone trust host-inbound-traffic protocols all set security zones security-zone trust interfaces ge-0/0/1.0 set security zones security-zone trust interfaces ge-0/0/2.0 set security zones security-zone trust interfaces ge-0/0/3.0 set security zones security-zone trust interfaces ge-0/0/4.0 set security zones security-zone untrust screen untrust-screen

set security zones security-zone untrust host-inbound-traffic system-services all set security zones security-zone untrust host-inbound-traffic protocols all set security zones security-zone untrust interfaces ge-0/0/0.0 set bridge-domains brige1 domain-type bridge set bridge-domains brige1 vlan-id 10

set bridge-domains brige1 routing-interface irb.0 set vlans vlan-trust vlan-id 3

set vlans vlan-trust l3-interface vlan.0

[edit]

本文来源：https://www.bwwdw.com/article/pp2t.html

相关文章：

正在阅读：

juniperSRX透明模式配置12-01

甲级单位编制复印机发光丝项目可行性报告（立项可研+贷款+用地+2013案例）设计方案12-05

PMBOK指南（第5版）第十章习题11-15

2016年度家庭记账本05-20

关于公布中考阅卷教师名单及报到要求的04-01

书法教案06-19

七年级下册生物血液循环难点知识点06-06

就业指导和创业教育--教案 - 图文12-26

岁末营销案例趣味乱弹01-14

电气照明线路导线根数全解05-02

上一篇：2016年度学校目标考核评估自查报告下一篇：全县工业经济工作会议主持词