To protect the firewall's interface IP address, port 22 on the firewall's intranet IP address is mapped to port 1021 on a separate public address, 113.106.95.x. Hosts on the Internet then reach the firewall through port 1021 of 113.106.95.x:
# Create the address-book entry (address object) for the firewall's intranet address
set security zones security-zone trust address-book address juniper2541 192.168.254.1/32
# Custom application for TCP port 1021; services that ship with the system do not need to be created
set applications application juniper1021 protocol tcp
set applications application juniper1021 source-port 0-65535
set applications application juniper1021 destination-port 1021-1021
set applications application juniper1021 inactivity-timeout 1800
# Destination NAT: public port 1021 to 192.168.254.1 port 22
set security nat destination pool 2541 address 192.168.254.1/32
set security nat destination pool 2541 address port 22
set security nat destination rule-set 1 from zone untrust
set security nat destination rule-set 1 rule 2541 match source-address 0.0.0.0/0
set security nat destination rule-set 1 rule 2541 match destination-address 113.106.95.x/32
set security nat destination rule-set 1 rule 2541 match destination-port 1021
set security nat destination rule-set 1 rule 2541 then destination-nat pool 2541
# Proxy ARP for the public address
set security nat proxy-arp interface ge-0/0/0.0 address 113.106.95.x/32
# Security policy
set security policies from-zone untrust to-zone trust policy yc2541 match source-address any
set security policies from-zone untrust to-zone trust policy yc2541 match destination-address juniper2541
set security policies from-zone untrust to-zone trust policy yc2541 match application juniper1021
set security policies from-zone untrust to-zone trust policy yc2541 then permit
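
A tighter variant of the configuration above, added here as an example and not part of the original article: the rule as written accepts connections from any source (0.0.0.0/0 in the NAT rule, any in the policy), so this limits the mapping to one administrative prefix and logs its use. The name admin-net and the prefix 203.0.113.0/24 are constructed placeholders.

```junos
# Added example, configuration mode. admin-net and 203.0.113.0/24 are
# constructed placeholders for the network administrators connect from.
set security zones security-zone untrust address-book address admin-net 203.0.113.0/24

# Destination NAT rule: translate only connections from that prefix
delete security nat destination rule-set 1 rule 2541 match source-address 0.0.0.0/0
set security nat destination rule-set 1 rule 2541 match source-address 203.0.113.0/24

# Security policy: permit only that source instead of any
delete security policies from-zone untrust to-zone trust policy yc2541 match source-address any
set security policies from-zone untrust to-zone trust policy yc2541 match source-address admin-net

# Log permitted sessions so that use of the mapping is recorded
set security policies from-zone untrust to-zone trust policy yc2541 then log session-init

# Roll back automatically after 5 minutes unless the change is confirmed,
# in case the new source restriction cuts off the current session
commit confirmed 5

# Operational mode, after the commit: check the rule and watch its sessions
# show security nat destination rule 2541
# show security flow session destination-port 1021
```

Run a plain commit within the 5 minutes once a new session through port 1021 has been tested, otherwise the device returns to the previous configuration.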