Juniper SRX650 firewall: protecting the public IP address from attack, method 1

Source: Internet
Author: User


The intranet reaches the Internet through source NAT. Usually the public address used for that NAT is the firewall's own IP address, that is, the intranet's public-facing IP address. By default the administrator opens HTTP, HTTPS, SSH and similar ports on it for convenient management, which leaves the login password exposed to guessing from the Internet. The following measures address this.

Services currently open on the system (the relevant configuration lines):

set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set system services ssh
set system services telnet
set system services web-management http interfaces ge-0/0/3.0
set system services web-management https system-generated-certificate
set system services web-management https interface ge-0/0/1.0
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services http
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services https
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh

The idea is as follows:

Disable the management services on the public IP address, and instead map the management port of the firewall's internal IP address to a different (non-standard) port on the public address using destination NAT.

# Stop SSH from terminating on the public (untrust) interface
delete security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh

# Create the address-book entry for the firewall's internal management address
set security zones security-zone trust address-book address juniper2541 192.168.254.1/32

# Create the destination NAT: public port 1055 -> 192.168.254.1 port 22
set security nat destination pool 2541 address 192.168.254.1/32
set security nat destination pool 2541 address port 22
set security nat destination rule-set 1 from zone untrust   # required by Junos for a rule-set; not shown in the original post
set security nat destination rule-set 1 rule 2541 match source-address 0.0.0.0/0
set security nat destination rule-set 1 rule 2541 match destination-address 113.106.95.x/32
set security nat destination rule-set 1 rule 2541 match destination-port 1055
set security nat destination rule-set 1 rule 2541 then destination-nat pool 2541

# Create the security policy (juniper1055 is a custom application object; the post does not show its definition, and it must exist before commit)
set security policies from-zone untrust to-zone trust policy yc2541 match source-address any
set security policies from-zone untrust to-zone trust policy yc2541 match destination-address juniper2541
set security policies from-zone untrust to-zone trust policy yc2541 match application juniper1055
set security policies from-zone untrust to-zone trust policy yc2541 then permit
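A way to verify the change before and after commit, as an added example that is not part of the original post: the script below reads Junos "show configuration | display set" output and reports which management services still terminate on the firewall in a given zone, which security policies reference application objects the configuration never defines, and which public ports destination NAT maps to which internal ports. The two configurations embedded in it are constructed from the commands in the post (113.106.95.x kept as the post wrote it); the regular expressions only cover the "display set" forms used on this page.

```python
# Added example (not from the original post): audit Junos "| display set" output
# for management services reachable in the untrust zone, for policies that use
# undefined application objects, and for destination-NAT port mappings.
import re

MGMT_SERVICES = {"ssh", "telnet", "http", "https", "all"}

ZONE_SVC_RE = re.compile(
    r"^set security zones security-zone (\S+)"
    r"(?: interfaces (\S+))? host-inbound-traffic system-services (\S+)$"
)
APP_DEF_RE = re.compile(r"^set applications application (\S+)(?:\s|$)")
POLICY_APP_RE = re.compile(
    r"^set security policies from-zone \S+ to-zone \S+ policy (\S+) match application (\S+)$"
)
DNAT_PORT_RE = re.compile(
    r"^set security nat destination rule-set \S+ rule (\S+) match destination-port (\d+)$"
)
POOL_PORT_RE = re.compile(r"^set security nat destination pool (\S+) address port (\d+)$")
RULE_POOL_RE = re.compile(
    r"^set security nat destination rule-set \S+ rule (\S+) then destination-nat pool (\S+)$"
)

# Constructed sample: the post's configuration before the change.
BEFORE = """
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set system services ssh
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh
"""

# Constructed sample: after deleting the untrust SSH line and adding the NAT and policy.
AFTER = """
set system services ssh
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh
set security zones security-zone trust address-book address juniper2541 192.168.254.1/32
set security nat destination pool 2541 address 192.168.254.1/32
set security nat destination pool 2541 address port 22
set security nat destination rule-set 1 from zone untrust
set security nat destination rule-set 1 rule 2541 match source-address 0.0.0.0/0
set security nat destination rule-set 1 rule 2541 match destination-address 113.106.95.x/32
set security nat destination rule-set 1 rule 2541 match destination-port 1055
set security nat destination rule-set 1 rule 2541 then destination-nat pool 2541
set security policies from-zone untrust to-zone trust policy yc2541 match source-address any
set security policies from-zone untrust to-zone trust policy yc2541 match destination-address juniper2541
set security policies from-zone untrust to-zone trust policy yc2541 match application juniper1055
set security policies from-zone untrust to-zone trust policy yc2541 then permit
"""


def parse_set_lines(text):
    """Keep only 'set ...' lines (saved configuration never contains 'delete')."""
    return [ln.strip() for ln in text.splitlines() if ln.strip().startswith("set ")]


def exposed_mgmt_services(lines, zone="untrust"):
    """(interface, service) pairs that let management traffic terminate on the firewall in `zone`."""
    hits = []
    for ln in lines:
        m = ZONE_SVC_RE.match(ln)
        if m and m.group(1) == zone and m.group(3) in MGMT_SERVICES:
            hits.append((m.group(2) or "<zone-wide>", m.group(3)))
    return hits


def undefined_policy_applications(lines):
    """(policy, application) pairs whose application is neither built-in nor defined."""
    defined = {m.group(1) for m in map(APP_DEF_RE.match, lines) if m}
    missing = set()
    for ln in lines:
        m = POLICY_APP_RE.match(ln)
        if not m:
            continue
        app = m.group(2)
        if app != "any" and not app.startswith("junos-") and app not in defined:
            missing.add((m.group(1), app))
    return sorted(missing)


def dnat_port_map(lines):
    """rule -> (public port, translated port) for destination-NAT rules that match a port."""
    pool_port = {m.group(1): int(m.group(2)) for m in map(POOL_PORT_RE.match, lines) if m}
    rule_pool = {m.group(1): m.group(2) for m in map(RULE_POOL_RE.match, lines) if m}
    out = {}
    for ln in lines:
        m = DNAT_PORT_RE.match(ln)
        if m:
            rule = m.group(1)
            out[rule] = (int(m.group(2)), pool_port.get(rule_pool.get(rule)))
    return out


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        lines = parse_set_lines(text)
        print(label, "untrust mgmt services:", exposed_mgmt_services(lines))
        print(label, "undefined policy apps:", undefined_policy_applications(lines))
        print(label, "dnat ports:", dnat_port_map(lines))
```

Run it against a file saved from "show configuration | display set" instead of the embedded samples to audit a real device. On the post's configuration it reports no management service left on untrust after the change, the 1055 to 22 mapping, and that yc2541 references juniper1055 without a definition. Junos evaluates the security policy after destination NAT (which is why the policy matches juniper2541, the internal address, rather than the public one), so when you define juniper1055 make sure it describes the port the policy will actually see.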


This article is from the "third-party" blog
