Concepts and terminologies

Source: Internet
Author: User

1. Netscreen firewall Overview:

A. Features: layer-2 and layer-3 forwarding

Basic packet filtering

NAT (Network Address Translation)

VPN Functions

B. UTM (Unified Threat Management)

Firewalls, routers, IPS, IDS, and anti-virus are integrated

(such as Tian Rongxin and Lenovo domains)

2. The transparent bridging function of Netscreen:

Configure the firewall for transparent bridging:

Transparent bridging:

A. Forward data frame

B. Flood data frame

C. Filter data frames (based on the destination MAC address)

3. Netscreen's layer-3 packet forwarding function

Layer-3 packet forwarding is based on the destination IP address

Based on three tables:

A. Static route table (usually used)

B. Dynamic Route table

C. Default route table

4. Netscreen firewall functions

Packet filtering based on IP headers

A. Protocol field of the IP header, and the source and destination IP addresses

B. TCP/UDP port number

C. Predefined firewall policies

5. NAT translation function of Netscreen

Source NAT and destination NAT Translation

6. VPN functions of Netscreen

A. Policy-based VPN (IPsec VPN)

B. Route-based VPN


Juniper firewall architecture:

1. Juniper firewall terms and basic components

A. Interface

Zone

Virtual router (vrouter)

Virtual System

View the firewall interface:

Fire-> get interface

View the firewall Zone:

Fire-> get zone

View the firewall's virtual routers:

Fire-> get vrouter

Multiple routing systems are virtualized within the physical firewall.

View the firewall's virtual system:

Fire-> get vsys

Multiple firewalls in a physical firewall are called virtual systems.

B. Relationship of components:

IP belongs to interface

Interface belongs to Zone

Zone belongs to virtual router

Virtual router belongs to the Virtual System


* Firewall policies are based on zones.

* exec port-mode: changes the port mode of the 5GT, which has four modes; use it to change the interface mode.

* When configuring an IP address on an interface, the interface must be assigned to a Zone.


C. Firewall Interface Definition

1. Physical Interface

Eth0/0, serial interface, FastEthernet0/0, Gi0/0

2. Virtual Interface

VLAN interface, loopback interface, tunnel interface (mainly used for VPN), multilink bundle interface


D. Advanced firewall functions

1. Stateful firewall inspection

2. ALG Application Layer Gateway

3. Attack Defense

Prevention of DDoS (distributed denial-of-service) attacks

Virus scanning

IPS (signature-based protection)

URL protection and filtering


8. Steps for data traffic to pass the Juniper Firewall:

A. Traffic enters the interface, which belongs to the Source Zone

B. Use Screen Filter

C. Check whether a Session exists.

If the traffic can match the Session, it directly enters the internal firewall process;

If the traffic does not match any Session, proceed to the next step.

D. Check whether a MIP/VIP mapping is matched

E. Check whether the routing process is matched

F. Check whether the firewall policy is matched.

G. Check whether NAT (NAT-src/NAT-dst) is matched

H. Create a firewall Session;

I. Enter the firewall internal process (to forward data packets);

Screen Filter > Session > MIP/VIP > Route lookup > Policy > NAT > Session creation
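
The lookup order above, sketched as a small Python model (an added example, not part of the original article and not ScreenOS code). The interface names, zones, routes, MIP entry, policies and blocked source address are constructed sample data, and dropping traffic that matches no route or policy is an assumption of the model.

```python
import ipaddress

# Constructed sample data (hypothetical names and addresses, not from the article).
IFACE_ZONE = {"eth0/1": "Trust", "eth0/2": "Untrust"}           # interface -> zone
ROUTES = [("10.1.0.0/16", "eth0/1"), ("0.0.0.0/0", "eth0/2")]   # prefix -> egress interface
MIP = {"203.0.113.10": "10.1.1.10"}                             # public -> private mapping
POLICIES = [("Trust", "Untrust", 80, "permit", True),           # from, to, dport, action, nat_src
            ("Untrust", "Trust", 443, "permit", False)]
EGRESS_IP = {"eth0/2": "203.0.113.1"}                           # address used for NAT-src
SCREEN_BLOCK = {"198.51.100.66"}                                # stand-in for Screen checks
sessions = {}                                                   # 5-tuple -> session record

def route_lookup(dst):
    """Longest-prefix match on the destination IP; returns the egress interface."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), i) for p, i in ROUTES]
    hits = [(n, i) for n, i in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def process(in_if, src, dst, proto, sport, dport):
    """Returns (verdict, trace); trace lists the stages the packet went through."""
    trace = ["screen"]
    if src in SCREEN_BLOCK:                                     # B. Screen filter
        return "drop", trace
    key = (src, dst, proto, sport, dport)
    trace.append("session")
    if key in sessions:                                         # C. existing session: fast path
        return "forward", trace
    trace.append("mip/vip")
    real_dst = MIP.get(dst, dst)                                # D. MIP/VIP mapping
    trace.append("route")
    out_if = route_lookup(real_dst)                             # E. route lookup
    if out_if is None:
        return "drop", trace
    trace.append("policy")
    zones = (IFACE_ZONE[in_if], IFACE_ZONE[out_if])             # A. policies are zone-based
    rule = next((r for r in POLICIES if r[:2] == zones and r[2] == dport), None)
    if rule is None or rule[3] != "permit":                     # F. no match: drop (assumed)
        return "drop", trace
    trace.append("nat")
    new_src = EGRESS_IP.get(out_if, src) if rule[4] else src    # G. NAT-src
    trace.append("session-create")
    sessions[key] = {"src": new_src, "dst": real_dst, "out_if": out_if}  # H. create session
    return "forward", trace                                     # I. forward
```

Only the first packet of a flow walks the whole chain; once the session exists, later packets stop at the session lookup, so a policy change in this model does not affect flows already in the table.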


9. Juniper product line:

A. Application-based

Supports only one virtual system (Root); for small office, enterprise, and home users

5GT/HSF/SSG-20/SSG 140/SSG 520 550

B. System-based

Supports multiple virtual systems (for large enterprises or ISPs)

ISG 1000/2000 NS 5400/NS 5200/NS 500

(ISG Integrated Service Gateway)


This article is from the "prickly chestnut" blog, please be sure to keep this source http://8019770.blog.51cto.com/8009770/1305036
