11. Configure the default route.
[edit]
admin@# set routing-options static route 0.0.0.0/0 next-hop gateway
12. Configure basic security zones and bind them to traffic interfaces.
[edit]
admin@# set security zones security-zone untrust interfaces ge-0/0/1
13. Configure basic security policies.
[edit]
admin@# set security policies from-zone trust to-zone untrust policy policy-name
match source-address any destination-address any application any
admin@# set security policies from-zone trust to-zone untrust policy policy-name
then permit
14. Create a NAT rule for source translation of all Internet bound traffic.
[edit]
admin@# set security nat source rule-set interface-nat from zone trust
admin@# set security nat source rule-set interface-nat to zone untrust
admin@# set security nat source rule-set interface-nat rule rule1 match source-address
0.0.0.0/0 destination-address 0.0.0.0/0
admin@# set security nat source rule-set interface-nat rule rule1 then source-nat
interface
15. Check the configuration for validity.
[edit]
admin@# commit check
configuration check succeeds
16. Commit the configuration to activate it on the device.
[edit]
admin@# commit
commit complete
17. Optionally, display the configuration to verify that it is correct.
[edit]
user@host# show
system {
host-name devicea;
domain-name lab.device.net;
domain-search [ lab.device.net device.net ];
backup-device 192.168.2.44;
time-zone America/Los_Angeles;
root-authentication {
ssh-rsa "ssh-rsa AAAAB3Nza...D9Y2gXF9ac==root@devicea.lab.device.net";
}
name-server {
10.148.2.32;
}
services {
}
ntp {
server 10.148.2.21;
}
Copyright © 2012, Juniper Networks, Inc.130
SRX210 Services Gateway Hardware
To Next Page
Loading...
