Security Mode Configuration Commands
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Command example:
SRX5308> security firewall ipv4 add_rule lan_dmz inbound
security-config[firewall-ipv4-lan-dmz-inbound]> service_name default_services SSH:UDP
security-config[firewall-ipv4-lan-dmz-inbound]> action BLOCK_BY_SCHEDULE_ELSE_ALLOW
security-config[firewall-ipv4-lan-dmz-inbound]> schedule Schedule1
security-config[firewall-ipv4-lan-dmz-inbound]> lan_users address_wise SINGLE_ADDRESS
security-config[firewall-ipv4-lan-dmz-inbound]> lan_user_start_ip 192.168.5.108
security-config[firewall-ipv4-lan-dmz-inbound]> dmz_users SINGLE_ADDRESS
security-config[firewall-ipv4-lan-dmz-inbound]> dmz_user_start_ip 176.16.2.101
security-config[firewall-ipv4-lan-dmz-inbound]> log Always
security-config[firewall-ipv4-lan-dmz-inbound]> save

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| lan_user_end_ip | ipaddress | The end IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE. |
| lan_users group_wise | group name | The name of the LAN group or LAN IP group. The LAN group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you have specified with the net lan lan_groups edit <row id> <new group name> command. The LAN IP group name is a name that you have specified with the security services ip_group add command. The address_wise and group_wise keywords are mutually exclusive. |
| dmz_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | Specifies the type of DMZ address. |
| dmz_user_start_ip | ipaddress | There are two options: the IP address if the dmz_users keyword is set to SINGLE_ADDRESS, or the start IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| dmz_user_end_ip | ipaddress | The end IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| Logging | | |
| log | NEVER or ALWAYS | Specifies whether logging is disabled or enabled. |
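
The keyword constraints in the table (address_wise and group_wise are mutually exclusive, an end IP address applies only to ADDRESS_RANGE) can be checked offline before a rule is typed into the firewall. The Python linter below is an added example, not NETGEAR code: parse_rule, lint_rule, the private-address review note and the logging note are assumptions of this example, and it assumes lan_user_start_ip follows the same rule as dmz_user_start_ip.

```python
import ipaddress

# Constructed input: the rule from the command example above, prompts removed.
SAMPLE_RULE = """\
service_name default_services SSH:UDP
action BLOCK_BY_SCHEDULE_ELSE_ALLOW
schedule Schedule1
lan_users address_wise SINGLE_ADDRESS
lan_user_start_ip 192.168.5.108
dmz_users SINGLE_ADDRESS
dmz_user_start_ip 176.16.2.101
log Always
save
"""

def parse_rule(text):
    """Map each keyword (one or two words) to its value; CLI prompts are ignored."""
    rule = {}
    for line in text.splitlines():
        words = line.split(">", 1)[-1].split()  # drop a leading "...>" prompt
        if len(words) < 2:
            continue  # blank line, prompt-only line, or bare command such as save
        n = 2 if words[0] == "lan_users" else 1  # lan_users address_wise / group_wise
        rule[" ".join(words[:n])] = " ".join(words[n:])
    return rule

def lint_rule(text):
    """Return findings for keyword combinations the table rules out, plus review notes."""
    rule, out = parse_rule(text), []
    if "lan_users address_wise" in rule and "lan_users group_wise" in rule:
        out.append("lan_users: address_wise and group_wise are mutually exclusive")
    for side, type_key in (("lan", "lan_users address_wise"), ("dmz", "dmz_users")):
        kind = rule.get(type_key)
        start, end = (rule.get(f"{side}_user_{p}_ip") for p in ("start", "end"))
        # Assumption: lan_user_start_ip follows the same rule as dmz_user_start_ip.
        if kind in ("SINGLE_ADDRESS", "ADDRESS_RANGE") and start is None:
            out.append(f"{side}: {kind} needs {side}_user_start_ip")
        if kind == "ADDRESS_RANGE" and end is None:
            out.append(f"{side}: ADDRESS_RANGE needs {side}_user_end_ip")
        if kind != "ADDRESS_RANGE" and end is not None:
            out.append(f"{side}: {side}_user_end_ip only applies to ADDRESS_RANGE")
        if start and not ipaddress.ip_address(start).is_private:
            out.append(f"{side}: {start} is not a private address, confirm intent")
    if rule.get("log", "").upper() == "NEVER":
        out.append("log: logging is disabled for this rule")
    return out

if __name__ == "__main__":
    print("\n".join(lint_rule(SAMPLE_RULE)))
```

Run against the command example, the linter reports only the DMZ address, which lies outside the private ranges; whether that is intended depends on how the DMZ is addressed.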