溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊(cè)×
其他方式登錄
點(diǎn)擊 登錄注冊(cè) 即表示同意《億速云用戶服務(wù)條款》

JuniperSRX Filter-Based Forwarding

發(fā)布時(shí)間:2020-07-17 13:35:06 來源:網(wǎng)絡(luò) 閱讀:482 作者:terence88 欄目:網(wǎng)絡(luò)安全

就是策略路由

1) 創(chuàng)建routing-instance(SP1,SP2),instance-type為fowarding


edit routing-instance [SP1] instance-type forwading

    set routing-options static route 0/0 nex-hop 202.100.1.1


edit routing-instance [SP2] instance-type forwading

    set routing-options static route 0/0 nex-hop 202.100.2.1


2)創(chuàng)建firewall filter


edit friewall filter [Inside1] term [1] 

    set from source-address 10.1.1.0/24

    set then routing-instance SP1

    set term [Default-Permit-All] then accept


set firewall filter [Inside1] term [1] from source-address 10.1.1.0/24

set firewall filter [Inside1] term [1] from source-port xxxx

set firewall filter [Inside1] term [1] destination-address x.x.x.x/x

set firewall filter [Inside1] term [1] destination-port xxxx

set firewall filter [Inside1] term [1] then routing-instance SP1

set firewall filter [Inside1] term [Default-Permit] then accept


edit firewall filter [Inside2] term [2]

    set from source-address 

    set then routing-instance SP2

    set term [Default-Permit-All] then accept


3)接口 調(diào)用filter

set interface ge-0/0/2.0 family inet filter input Inside1

set interfaes ge-0/0/3.0 family inet filter input Inside2


4)合并路由表

run show route    //查看全局路由表中,是沒有前面定義的routing-instance中的路由的

show routing-instances


edit routing-options 

    set interface-routes rib-group inet [Policy-Routing]

    edit rib-groups [Policy-Routing]

        set import-rib [inet.0 SP1.inet.0 SP2.inet.0]


run show route    //查看合并后的路由表


5)創(chuàng)建Zone間策略:Security Policis(放行流量Inside1->Outside;Inside2->Outside)

set security policies from-zone Inside1 to-zone Outside policy Default-Permit-All

    set match source-address any

    set match destination-address any

    set match application any

    set then permit

set security policies from-zone Inside2 to-zone Outside policy Default-Permit-All

    set match sourc-address any

    set match destination-address any

    set match application-address any

    set then permit


#show security policies

#run show security flow session



向AI問一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI