Home > Others

Juniper SRX Firewall NAT Configuration

Source: Internet
Author: User
Tags juniper srx
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

First, the basic operating instructions:

1, Equipment Recovery Factory

root# Load Factory-default

root# Set System Root-authentication Plain-text-password

root# Commit

Root> Request System reboot

2. Basic Configuration

2.1 Configuring host names

root# Set System Host-name SRX1400

2.2 Setting the time zone

[Email protected]# Set System Time-zoneasia/shanghai

2.3 Setting Time

[Email protected]# run Set Date 201508011549.21

2.4 setting up DNS

[Email protected]# Set System name-server202.l06.0.20

2.5 Setting the interface IP

[Email protected]# set Interfaces ge-0/0/0 unit0 family inet address 10.0.0.10/24

2.6 Setting the default route

[Email protected]# set routing-options staticroute 0.0.0.0/0 next-hop 10.0.0.254

2.7 Creating a login user

[Email protected]# set System login user Adminclass Super-user authentication Plain-text-password

2.8 Creating a secure Zone

[Email protected]# set security Zonessecurity-zone untrust

2.9 interface Join Zone

[Email protected]# set security zones security-zoneuntrust interfaces ge-0/0/0.0

2.10 Service port release ICMP

[Email protected] #set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services Pi Ng

Note: By default, ICMP is required to be released, except for business ports that are not managed to be ping-through.

Second,Juniper SRX NAT

1 . Types of NAT

1.1 Source Nat:interface

1.2 Source NAT:p Ool

1.3 Destination NAT

1.4 Static NAT

2. Configuration Example

2.1 interface-based source NAT

[Email protected]# Set security Nat Sourcerule-set 1 from Zone Trust

Ro[email protected]# Set security Nat Sourcerule-set 1 to Zone untrust

[Email protected]# Set security Nat sourcerule-set 1 rule rule1 match source-address 0.0.0.0/0 destination-address 0.0.0.0 /0

[Email protected]# Set security Nat sourcerule-set 1 rule rule1 then Source-nat interface

Default Police

Policy Default-permit {

Match {

Source-address any;

Destination-address any;

Application any;

}

then {

Permit

}

}

2.2 Source NAT based on the address pool

[Email protected]# Set security NAT source Poolisp address 10.0.0.20 to 10.0.30

[Email protected]# Set security Nat Sourcerule-set 1 from Zone Trust

[Email protected]# Set security Nat Sourcerule-set 1 to Zone untrust

[Email protected]# Set security Nat sourcerule-set 1 rule rule1 match source-address 0.0.0.0/0 destination-address 0.0.0.0 /0

[Email protected]# Set security Nat sourcerule-set 1 rule rule1 then Source-nat pool ISP

[Email protected]# Set security Nat proxy-arpinterface ge-0/0/0 address 10.0.0.20 to 10.0.0.30

2.3 Destination NAT configuration

[Email protected]# Set security Nat Destinationpool DST-NAT-POOL-1 address 172.16.1.1/32

[Email protected]# Set security NAT Destinationpool DST-NAT-POOL-1 address Port 80

[Email protected]# Set security Nat Destinationrule-set rs1 from Zone untrust

[Email protected]# Set security Nat destinationrule-set Rs1 Rule 1 match destination-address 10.0.0.100/32

[Email protected]# Set security NAT Destinationpool DST-NAT-POOL-1 address Port 80

[Email protected]# Set security Nat proxy-arpinterface ge-0/0/0.0 address 10.0.0.100/32

[Email protected]# set security Address-bookglobal address Web 172.16.1.1/32

[Email protected]# Set security Nat destinationrule-set Rs1 rule 1 then Destination-nat pool DST-NAT-POOL-1

[Email protected]# set security Policiesfrom-zone untrust To-zone trust policy web match source-address any

[Email protected]# set security Policiesfrom-zone untrust To-zone trust policy web match destination-address Web match AP Plication any

[Email protected]# set security Policiesfrom-zone untrust To-zone trust policy

[Email protected]# set security Policiesfrom-zone untrust To-zone Trust policy web then permit

[Email protected]# Insert Security Policiesfrom-zone untrust to-zone Trust policy web before policy Default-deny

2.4 Static NAT configuration

[Email protected]# Set security Nat Staticrule-set rs1 from Zone untrust

[Email protected]# Set security Nat staticrule-set Rs1 rule R1 match destination-address 10.0.0.100/32

[Email protected]# Set security Nat staticrule-set Rs1 rule R1 then static-nat prefix 172.16.1.1/32

[Email protected]# Set security Nat proxy-arpinterface ge-0/0/0.0 address 10.0.0.100/32

[Email protected]# set security Address-bookglobal address Web 172.16.1.1/32

[Email protected]# set security policiesfrom-zone untrust to-zone untrust web match source-address any destination-address Web Application Any

[Email protected]# set security Policiesfrom-zone untrust To-zone Trust policy web then permit

[Email protected]# Insert Security Policiesfrom-zone untrust To-zone Trust Web before policy Default-deny


This article is from the "Network Technology" blog, please be sure to keep this source http://zhangjialin.blog.51cto.com/10512577/1680838

Juniper SRX Firewall NAT Configuration

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
juniper srx firewall srx firewall juniper srx ips juniper srx wireless juniper srx price juniper srx series juniper srx book

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More