12. Configure basic security zones and bind them to traffic interfaces.
[edit]
admin# set security zones security-zone untrust interfaces ge-0/0/1
13. Configure basic security policies.
[edit]
admin# set security policies from-zone trust to-zone untrust policy policy-name match
source-address any destination-address any application any
admin# set security policies from-zone trust to-zone untrust policy policy-name then
permit
14. Create a Network Address Translation (NAT) rule for source translation of all
Internet-bound traffic.
[edit]
admin# set security nat source rule-set interface-nat from zone trust
admin# set security nat source rule-set interface-nat to zone untrust
admin# set security nat source rule-set interface-nat rule rule1 match source-address
0.0.0.0/0 destination-address 0.0.0.0/0
admin# set security nat source rule-set interface-nat rule rule1 then source-nat interface
15. Check the configuration for validity.
[edit]
admin# commit check
configuration check succeeds
16. Commit the configuration to activate it on the device.
[edit]
admin# commit
commit complete
17. Optionally, display the configuration to verify that it is correct.
[edit]
admin# show
system {
host-name devicea;
domain-name lab.device.net;
domain-search [ lab.device.net device.net ];
backup-device 192.168.2.44;
time-zone America/Los_Angeles;
root-authentication {
ssh-rsa "ssh-rsa AAAAB3Nza...D9Y2gXF9ac==root@devicea.lab.device.net";
}
name-server {
10.148.2.32;
}
services {
}
ntp {
server 10.148.2.21;
}
}
interfaces {
ge-0/0/0 {
unit 0 {
93Copyright © 2016, Juniper Networks, Inc.
Chapter 16: Performing Initial Configuration
To Next Page
Loading...
