NetScreen Juniper SSG Operation command
April 10, 2013
Command line get configuration information get config
command line to get the time set to get clock
Set Vrouter TRUST-VR sharable settings Consider router TRUST-VR can share set Vsys "Vrouter"/Set virtual router for other UNTRUST-VR systems Set Vrouter "TRUST-VR"/Set Virtual router set zone "Untrust" Vroute "UNTRUST-VR" zone untrust to U In NTUST-VR
Zone Untrust is modified to UNTRUST-VR
JUNIPER NTP time setting set clock dst-offset clock ntpset clock timezone 8set NTP server "10.47.168.190" set NTP interval 1440set nt P Max-adjustment 5
Add Admin ipset admin manager-ip 192.168.6.0 255.255.255.0
Set Admin Manager-ip 114.255.150.140 255.255.255.255
Set Admin Manager-ip 219.141.171.130 255.255.255.255 A firewall with two external interfaces, this command is particularly important. Set source-routing Enable//Allow source-based routing about Juniper route set Vrouter "UNTRUST-VR"----The following is the route of UNTRUST-VR, otherwise it will not go out of the set Source-routin G Enableset Route 0.0.0.0/0 Gateway 220.248.44.145
set route 172.28.9.109/32 vrouter "TRUST-VR" preference metric 1//This is especially important, when the VPN is here to add an internal routing strategy, or VPN will be able to build, But the ping doesn't work. Exit set Vrouter "TRUST-VR"-------------------------------------the following is the route in TRUST-VR
Unset Add-default-route
Set route 172.28.13.0/24 Gateway 172.28.9.254//This is the set route that is manually routed after you 0.0.0.0/0 vrouter UNTRUST-VR preference 1//this is still necessary, otherwise the intranet will not go out. About NAT mappings for Juniperwhen doing VIP only support interface of the same subnet mask IP address, if not the same subnet mask IP address, add not into VIP inside,
Therefore, this firewall also needs to be set up. Further research is needed at this later stage.
Juniper SSG Common Commands
