Download - Cau Hinh Juniper Firewall WebManagerment
8/17/2019 Cau Hinh Juniper Firewall WebManagerment
Lab 01: Configure a Juniper SRX as a WAN router
Requirements:
+ Configure the Juniper SRX as a WAN router (running PPPoE)
+ Dynamic NAT for Inside and DMZ out to the Internet
+ Static NAT so that outside hosts can access the Web Server over HTTP
I. Basic configuration:
1.1 Configure the root password:
set system root-authentication plain-text-password
New password: xxxxxx
Retype new password: xxxxxx
1.2 Configure the hostname:
set system host-name hcm-svuit-vsrx
1.3 Configure the login banner:
set system login message "Webcome to SVUIT.\n Lab Juniper SRX\n"
1.4 Configure the time zone:
set system time-zone GMT+7
1.5 Configure name servers:
set system name-server 8.8.8.8
set system name-server 4.2.2.2
1.6 Create an administrative user:
set system login user svuit uid 2000
set system login user svuit class super-user
set system login user svuit authentication plain-text-password
New password: xxxxxx
Retype new password: xxxxxx
Note: here I create the user svuit with full administrative rights (equivalent to the root user).
II. Enable services:
2.1 SSH, Telnet
set system services ssh
set system services telnet
2.2 Web management
Allow access only through interface ge-0/0/1.0 (that is, only from Inside):
set system services web-management http interface ge-0/0/1.0
set system services web-management https system-generated-certificate
set system services web-management https interface ge-0/0/1.0
set system services web-management session idle-timeout +'
2.3 Configure DHCP for Inside clients:
Configure the Juniper SRX to hand out DHCP leases to the clients in Inside:
set system services dhcp pool 10.1.1.0/24 address-range low 10.1.1.12 high 10.1.1.20
set system services dhcp pool 10.1.1.0/24 name-server 8.8.8.8
set system services dhcp pool 10.1.1.0/24 name-server 4.2.2.2
set system services dhcp pool 10.1.1.0/24 router 10.1.1.1
III. Configure
IV. Configure PPPoE:
set interfaces ge-0/0/0 mac aa:bb:cc:dd:ee:ff
(Configure a cloned MAC address if you use FPT Internet)
set interfaces ge-0/0/0 unit 0 encapsulation ppp-over-ether
set interfaces pp0 traceoptions flag all
set interfaces pp0 unit 0 point-to-point
set interfaces pp0 unit 0 ppp-options pap default-password svuit_com
set interfaces pp0 unit 0 ppp-options pap local-password svuit_com
set interfaces pp0 unit 0 ppp-options pap local-name sgdsl-123456-123
set interfaces pp0 unit 0 ppp-options pap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/0.0
set interfaces pp0 unit 0 pppoe-options client
set interfaces pp0 unit 0 no-keepalives
set interfaces pp0 unit 0 family inet mtu 1492
set interfaces pp0 unit 0 family inet negotiate-address
V. Configure the default route:
set routing-options static route 0.0.0.0/0 next-hop pp0.0 metric 0
VI. Configure dynamic NAT:
Configure dynamic NAT to allow Inside and DMZ to access the Internet:
set security nat source rule-set NAT_Outside from zone Inside
set security nat source rule-set NAT_Outside to zone Outside
set security nat source rule-set NAT_Outside rule src-interface match source-address 0.0.0.0/0
set security nat source rule-set NAT_Outside rule src-interface match destination-address 0.0.0.0/0
set security nat source rule-set NAT_Outside rule src-interface then source-nat interface
VII. Configure static NAT:
Configure static NAT to allow outside hosts to access, over HTTP, the Web server located in the DMZ zone:
set security nat destination pool address 10.2.2.200/32 port 80
set security nat destination rule-set Web_NAT from zone Outside
set security nat destination rule-set Web_NAT rule Rule_Web_NAT match source-address 0.0.0.0/0
set security nat destination rule-set Web_NAT rule Rule_Web_NAT match destination-address 100.10
set security nat destination rule-set Web_NAT rule Rule_Web_NAT match destination-port 80
set security nat destination rule-set Web_NAT rule Rule_Web_NAT then destination-nat pool
VIII. Configure zones:
8.1 Zone Inside:
Create zone Inside and assign interface ge-0/0/1.0 to it; allow only ping, dhcp, http, https, ssh and telnet traffic:
set security zones security-zone Inside interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone Inside interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp
set security zones security-zone Inside interfaces ge-0/0/1.0 host-inbound-traffic system-services http
set security zones security-zone Inside interfaces ge-0/0/1.0 host-inbound-traffic system-services https
set security zones security-zone Inside interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh
set security zones security-zone Inside interfaces ge-0/0/1.0 host-inbound-traffic system-services telnet
8.2 Zone DMZ:
Create zone DMZ and assign interface ge-0/0/2.0 to it; allow only ping, http, https, ssh and telnet traffic:
set security zones security-zone DMZ interfaces ge-0/0/2.0 host-inbound-traffic system-services ping
set security zones security-zone DMZ interfaces ge-0/0/2.0 host-inbound-traffic system-services http
set security zones security-zone DMZ interfaces ge-0/0/2.0 host-inbound-traffic system-services https
set security zones security-zone DMZ interfaces ge-0/0/2.0 host-inbound-traffic system-services ssh
set security zones security-zone DMZ interfaces ge-0/0/2.0 host-inbound-traffic system-services telnet
8.3 Zone Outside:
Create zone Outside and assign interfaces ge-0/0/0.0 and pp0.0 (the PPPoE connection interface) to it:
set security zones security-zone Outside interfaces pp0.0
set security zones security-zone Outside interfaces ge-0/0/0.0
Note: each interface can be bound to only one zone. By default, interface ge-0/0/0.0 is already bound to the untrust zone, so you must remove ge-0/0/0.0 from the untrust zone before assigning it to zone Outside.
delete security zones security-zone untrust interfaces ge-0/0/0.0
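A check a reviewer can run over this lab's configuration, added here as an example and not part of the original lab: it lists every zone from which a cleartext management protocol (telnet, http) can actually reach the SRX, meaning the service is enabled under system services and also admitted by that zone's host-inbound-traffic on an interface the service is bound to. The sample configuration is constructed from the lab's commands, the function name audit is an assumption, and only the flat set-command forms shown here are parsed.

```python
import re
from collections import defaultdict

CLEARTEXT = {"telnet", "http"}  # management protocols that send credentials unencrypted

# Constructed sample, modeled on this lab's commands (zone/interface names assumed).
LAB_CONFIG = """\
set system services ssh
set system services telnet
set system services web-management http interface ge-0/0/1.0
set system services web-management https system-generated-certificate
set system services web-management https interface ge-0/0/1.0
set security zones security-zone Inside interfaces ge-0/0/1.0 host-inbound-traffic system-services http
set security zones security-zone Inside interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh
set security zones security-zone Inside interfaces ge-0/0/1.0 host-inbound-traffic system-services telnet
set security zones security-zone DMZ interfaces ge-0/0/2.0 host-inbound-traffic system-services http
set security zones security-zone DMZ interfaces ge-0/0/2.0 host-inbound-traffic system-services telnet
set security zones security-zone Outside interfaces pp0.0
"""

# "set system services <svc>" or "... web-management <svc> interface <ifname>"
SERVICE_RE = re.compile(
    r"^set system services (?:web-management )?(\S+)(?: interface (\S+))?$")
ZONE_RE = re.compile(
    r"^set security zones security-zone (\S+) interfaces (\S+)"
    r" host-inbound-traffic system-services (\S+)$")


def audit(config):
    """Return sorted (zone, interface, service) tuples for every cleartext
    management service that is enabled on the device AND admitted by the
    zone's host-inbound-traffic on an interface the service is bound to."""
    bound = defaultdict(set)  # service -> interfaces it listens on ("*" = any)
    admitted = []             # (zone, interface, service) from host-inbound-traffic
    for line in map(str.strip, config.splitlines()):
        if m := ZONE_RE.match(line):
            admitted.append(m.groups())
        elif m := SERVICE_RE.match(line):
            bound[m.group(1)].add(m.group(2) or "*")
    return sorted(
        (zone, ifname, svc) for zone, ifname, svc in admitted
        if svc in CLEARTEXT and bound.get(svc, set()) & {"*", ifname})


if __name__ == "__main__":
    for zone, ifname, svc in audit(LAB_CONFIG):
        print(f"cleartext {svc} reachable from zone {zone} via {ifname}")
```

On the sample, http is reported for Inside only, because web-management is bound to ge-0/0/1.0, while telnet is reported for both Inside and DMZ because the telnet service is not tied to an interface.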
By default, the following zones and policies already exist:
root> show security zones
Security zone: trust
  Send reset for non-SYN session TCP packets: On
  Policy configurable: Yes
  Interfaces bound: 0
  Interfaces:
Security zone: untrust
  Send reset for non-SYN session TCP packets: Off
  Policy configurable: Yes
  Screen: untrust-screen
  Interfaces bound: 1
  Interfaces:
    ge-0/0/0.0
Security zone: junos-host
  Send reset for non-SYN session TCP packets: Off
  Policy configurable: Yes
  Interfaces bound: 0
  Interfaces:
root> show security policies
Inside to Outside
set security policies from-zone Inside to-zone Outside policy Inside_Outside match source-address an
set security policies from-zone Inside to-zone Outside policy Inside_Outside match destination-addre
set security policies from-zone Inside to-zone Outside policy Inside_Outside match application any
set security policies from-zone Inside to-zone Outside policy Inside_Outside then permit
9.2 Inside to Web
Create a policy permitting access from Inside to the DMZ:
set security policies from-zone Inside to-zone DMZ policy Web_Inside_DMZ match source-address a
set security policies from-zone Inside to-zone DMZ policy Web_Inside_DMZ match destination-addr
set security policies from-zone Inside to-zone DMZ policy Web_Inside_DMZ match application juno
set security policies from-zone Inside to-zone DMZ policy Web_Inside_DMZ match application juno
set security policies from-zone Inside to-zone DMZ policy Web_Inside_DMZ then permit
9.3 Outside to Web
Create a policy permitting access from Outside to the Web Server located in the DMZ:
set security policies from-zone Outside to-zone DMZ policy Web_Outside_DMZ match source-addre
set security policies from-zone Outside to-zone DMZ policy Web_Outside_DMZ match destination-a
set security policies from-zone Outside to-zone DMZ policy Web_Outside_DMZ match application ju
set security policies from-zone Outside to-zone DMZ policy Web_Outside_DMZ match application ju
set security policies from-zone Outside to-zone DMZ policy Web_Outside_DMZ then permit
Some commands for verifying the configuration:
Show interface information:
Show table information
Show DHCP lease information:
A client in Inside receives an IP address from DHCP
Accessing the Internet
Accessing the internal website in the DMZ
Accessing Web Management from Inside: