Juniper SRX Interface IP Security

Source: Internet
Author: User
Tags: juniper srx

 

To protect the firewall's interface IP address, port 22 on the firewall's intranet IP address is mapped to port 1021 on another public address, 113.106.95.x. Hosts on the Internet then reach the firewall through port 1021 on 113.106.95.x:

 

# Create the address-book element for the firewall's intranet IP
set security zones security-zone trust address-book address juniper2541 192.168.254.1/32

# Service for port 1021. Services that ship with the system do not need to be created.
set applications application juniper1021 protocol tcp
set applications application juniper1021 source-port 0-65535
set applications application juniper1021 destination-port 1021-1021
set applications application juniper1021 inactivity-timeout 1800

# NAT: 113.106.95.x port 1021 is translated to 192.168.254.1 port 22
set security nat destination pool 2541 address 192.168.254.1/32
set security nat destination pool 2541 address port 22
set security nat destination rule-set 1 from zone untrust
set security nat destination rule-set 1 rule 2541 match source-address 0.0.0.0/0
set security nat destination rule-set 1 rule 2541 match destination-address 113.106.95.x/32
set security nat destination rule-set 1 rule 2541 match destination-port 1021
set security nat destination rule-set 1 rule 2541 then destination-nat pool 2541

# Proxy ARP for the public address
set security nat proxy-arp interface ge-0/0/0.0 address 113.106.95.x/32

# Policy. Destination NAT is applied before the policy lookup, so the policy
# matches the translated address and port (SSH on 192.168.254.1) through the
# predefined junos-ssh application rather than the public port 1021.
set security policies from-zone untrust to-zone trust policy yc2541 match source-address any
set security policies from-zone untrust to-zone trust policy yc2541 match destination-address juniper2541
set security policies from-zone untrust to-zone trust policy yc2541 match application junos-ssh
set security policies from-zone untrust to-zone trust policy yc2541 then permit
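An added example, not part of the original post: a Python check over set-style configuration that flags destination-NAT rules publishing a management port to any source address, as rule 2541 does for SSH. The watch list of ports, the result field names and the documentation address 203.0.113.10 (standing in for the masked 113.106.95.x) are assumptions.

```python
# Constructed sample in the page's set-command style; 203.0.113.10 is a
# documentation address standing in for the masked 113.106.95.x.
SAMPLE = """\
set security nat destination pool 2541 address 192.168.254.1/32
set security nat destination pool 2541 address port 22
set security nat destination rule-set 1 from zone untrust
set security nat destination rule-set 1 rule 2541 match source-address 0.0.0.0/0
set security nat destination rule-set 1 rule 2541 match destination-address 203.0.113.10/32
set security nat destination rule-set 1 rule 2541 match destination-port 1021
set security nat destination rule-set 1 rule 2541 then destination-nat pool 2541
"""
# Assumed watch list of management services (not from the page).
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https"}

def audit_dnat(config):
    """Flag destination-NAT rules that publish a management port to any source."""
    pools, rules = {}, {}
    for line in config.splitlines():
        t = line.lower().split()
        if t[:4] != ["set", "security", "nat", "destination"] or len(t) < 8:
            continue
        if t[4] == "pool" and t[6] == "address":
            pool = pools.setdefault(t[5], {})
            if t[7] == "port":
                pool["port"] = int(t[8])      # translated (internal) port
            else:
                pool["addr"] = t[7]           # translated (internal) address
        elif t[4] == "rule-set" and t[6] == "rule" and len(t) > 10:
            rule = rules.setdefault((t[5], t[7]), {"src": []})
            if t[8:10] == ["match", "source-address"]:
                rule["src"].append(t[10])
            elif t[8:10] == ["match", "destination-port"]:
                rule["dport"] = int(t[10])    # port exposed on the public side
            elif t[8:11] == ["then", "destination-nat", "pool"] and len(t) > 11:
                rule["pool"] = t[11]
    findings = []
    for (rule_set, name), rule in sorted(rules.items()):
        pool = pools.get(rule.get("pool"), {})
        port = pool.get("port", rule.get("dport"))  # no pool port: port unchanged
        any_source = not rule["src"] or "0.0.0.0/0" in rule["src"]
        if port in MGMT_PORTS and any_source:
            findings.append({"rule": f"{rule_set}/{name}",
                             "public_port": rule.get("dport"),
                             "target": f"{pool.get('addr')}:{port}",
                             "service": MGMT_PORTS[port]})
    return findings

if __name__ == "__main__":
    print(audit_dnat(SAMPLE))
```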
 
