Juniper Networks V10000 Manuale Utente Scaricare il pdf (Pagina 10)

IMPLEMENTATION GUIDE -Juniper Networks SRX Series Services Gateways/Websense V10000

6. Add a security policy from user-lan to public-inet. This step is necessary to allow traffic to the Internet that does not

need to be processed by the Websense V10000.

admin@SRX# show security policies

from-zone user-lan to-zone public-inet {

policy permit-all {

match {

source-address any;

destination-address any;

application any;

}

then {

permit;

}

Note that you should follow this step if the public-inet security zone has already been configured. If this is not the case,

use the following to set up the interface and security zone.

admin@SRX# show interfaces ge-0/0/0

description “To Public Ineternet”;

unit 0 {

family inet {

address 66.97.23.82/24;

}

admin@SRX# show security zones

security-zone public-inet {

screen untrust-screen;

interfaces {

ge-0/0/0.0;

}

7. Add the V10000 “C” port address 172.25.44.19 to the management security zone address book. This step is necessary

so that the V10000 can redirect the user Web browser to the “C” port for blocked sites. Note that in addition to the

specific address, an “address-set” has also been defined. This was done should the network need to support multiple

V10000 appliances. Each additional “C” port would be included in the set, and the associated security policy (in an

upcoming step) would not need to be changed.

admin@SRX# show security zones

security-zone management {

address-book {

address V10000-alpha-c 172.25.44.19/32;

address-set V10000-c {

address V10000-alpha-c;

}

1 2 ... 5 6 7 8 9 10 11 12

Nessun commento

Juniper Networks V10000 Manuale Utente Pagina 10