1. Netscreen Firewall Overview:
A. Features: layer-2 and layer-3 forwarding
Basic packet filtering
NAT (Network Address Translation)
VPN functions
B. UTM (Unified Threat Management)
Firewall, router, IPS, IDS, and anti-virus are integrated in one device
(for example, the products of Tianrongxin and Lenovo)
2. The transparent bridging function of Netscreen:
Configure the firewall for transparent bridging; a transparent bridge performs three functions:
A. Forwarding data frames
B. Flooding data frames
C. Filtering data frames (based on the destination MAC address)
3. Netscreen's layer-3 packet forwarding function
Layer-3 packet forwarding is based on the destination IP address
and on three route tables:
A. Static route table (the most commonly used)
B. Dynamic route table
C. Default route table
4. Netscreen firewall functions
Packet filtering based on packet headers:
A. Source and destination IP address and the protocol field of the IP header
B. TCP/UDP port number
C. Predefined firewall policies
5. NAT translation function of Netscreen
Source NAT and destination NAT translation
6. VPN functions of Netscreen
A. Policy-based VPN (IPsec VPN)
B. Route-based VPN
Juniper firewall architecture:
1. Juniper firewall terms and basic components
A. Interface
Zone
Virtual router (VR)
Virtual system (vsys)
View the firewall interfaces:
Fire-> get interface
View the firewall zones:
Fire-> get zone
View the firewall's virtual routers:
Fire-> get vrouter
(Multiple routing instances are virtualized inside one physical firewall.)
View the firewall's virtual systems:
Fire-> get vsys
(Multiple firewalls inside one physical firewall are called virtual systems.)
B. Relationship of the components:
An IP address belongs to an interface
An interface belongs to a zone
A zone belongs to a virtual router
A virtual router belongs to a virtual system
* Firewall policies are based on zones.
* exec port-mode: switches the 5GT's ports among four port modes, which changes the interface mode.
* When assigning an IP address to an interface, the interface must first be placed in a zone.
C. Firewall interface definitions
1. Physical interfaces
Eth0/0, serial interface, FastEthernet0/0, Gi0/0
2. Virtual interfaces
VLAN interface, loopback interface, tunnel interface (mainly used for VPN), multilink bundle interface
D. Advanced firewall functions
1. Stateful inspection
2. ALG (Application Layer Gateway)
3. Attack defense
Protection against DDoS (distributed denial-of-service) attacks
Virus scanning
IPS (signature-based protection)
URL filtering
8. Steps for data traffic to pass through the Juniper firewall:
A. Traffic enters an interface; that interface belongs to the source zone
B. Apply the Screen filter
C. Check whether a session exists:
If the traffic matches an existing session, it goes directly into the firewall's internal processing;
if it matches no session, proceed to the next step.
D. Check whether the destination matches a MIP/VIP mapping
E. Check the route lookup for a match
F. Check whether a firewall policy matches
G. Check whether NAT (NAT-src / NAT-dst) applies
H. Create the firewall session
I. Enter the firewall's internal processing and forward the packet
Screen filter > Session lookup > MIP/VIP > Route lookup > Policy lookup > NAT > Session creation
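The flow above as a small runnable model (an added example, not Juniper's code): a Python class that applies the steps in the listed order over a constructed two-zone configuration. It shows two consequences of that order that matter in practice: a packet whose session already exists never reaches the policy lookup, and MIP translation is applied before the route and policy lookups, so both see the private address. Simplifications assumed here: sessions are keyed on source and destination address only, Screen options are reduced to a set of blocked sources, and no policy match means deny.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class ScreenOSFlowModel:
    iface_zone: dict                     # interface -> zone
    routes: list                         # (prefix, egress interface); longest prefix wins
    mips: dict                           # public MIP address -> private host (static 1:1 mapping)
    policies: list                       # (from_zone, to_zone, dst_prefix, action); first match wins
    screen_blocked: set = field(default_factory=set)   # stand-in for Screen options (blocked sources)
    sessions: dict = field(default_factory=dict)       # (src, dst) -> translated destination

    def route_zone(self, dst):
        """Step E: route lookup; the egress interface of the best route gives the destination zone."""
        hits = [r for r in self.routes if ip_address(dst) in ip_network(r[0])]
        if not hits:
            return None
        best = max(hits, key=lambda r: ip_network(r[0]).prefixlen)
        return self.iface_zone[best[1]]

    def forward(self, in_iface, src, dst):
        src_zone = self.iface_zone[in_iface]            # A: the ingress interface fixes the source zone
        if src in self.screen_blocked:                  # B: Screen filter runs before any lookup
            return "screen-drop"
        if (src, dst) in self.sessions:                 # C: an existing session skips steps D-G entirely
            return "session-hit:" + self.sessions[(src, dst)]
        real_dst = self.mips.get(dst, dst)              # D: MIP/VIP mapping precedes route lookup
        dst_zone = self.route_zone(real_dst)            # E: route lookup decides the destination zone
        if dst_zone is None:
            return "no-route"
        action = "deny"                                 # F: policy lookup on the zone pair; default deny
        for from_zone, to_zone, prefix, act in self.policies:
            if (from_zone, to_zone) == (src_zone, dst_zone) and ip_address(real_dst) in ip_network(prefix):
                action = act
                break
        if action != "permit":
            return "policy-deny"                        # denied traffic never reaches session creation
        self.sessions[(src, dst)] = real_dst            # G/H: NAT result recorded, session created
        return "permit:" + real_dst                     # I: forwarded to the translated destination

def sample_firewall():
    """Constructed configuration: eth0/0 faces Untrust, eth0/1 faces Trust, one MIP on a server."""
    return ScreenOSFlowModel(
        iface_zone={"eth0/0": "Untrust", "eth0/1": "Trust"},
        routes=[("0.0.0.0/0", "eth0/0"), ("10.1.1.0/24", "eth0/1")],
        mips={"198.51.100.5": "10.1.1.5"},
        policies=[("Untrust", "Trust", "10.1.1.5/32", "permit"),
                  ("Trust", "Untrust", "0.0.0.0/0", "permit")],
        screen_blocked={"203.0.113.66"},
    )
```

Calling `forward` twice for the same inbound flow returns `permit:10.1.1.5` and then `session-hit:10.1.1.5`, while a destination without a matching policy returns `policy-deny` and leaves no session behind.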
9. Juniper product line:
A. Application-based
Supports only one virtual system (Root); for small offices, enterprises and home users
5GT/HSF/SSG-20/SSG 140/SSG 520 550
B. System-based
Supports multiple virtual systems; for large enterprises or ISPs
ISG 1000/2000 NS 5400/NS 5200/NS 500
(ISG: Integrated Service Gateway)
This article is from the "prickly chestnut" blog; please be sure to keep this source: http://8019770.blog.51cto.com/8009770/1305036