Juniper Networks V10000 User Manual, Page 9

Copyright © 2010, Juniper Networks, Inc.
IMPLEMENTATION GUIDE - Juniper Networks SRX Series Services Gateways/Websense V10000
admin@SRX# show interfaces ge-0/0/1
description "To User LAN network";
unit 0 {
    family inet {
        address 192.168.5.1/24;
    }
}
admin@SRX# show security zones
security-zone user-lan {
    address-book {
        address local-hosts 192.168.5.0/24;
    }
    interfaces {
        ge-0/0/1.0;
    }
}
4. Create an access control filter (called a “firewall filter” in Junos OS) to selectively identify the traffic to be redirected
to the V10000. For the purpose of this implementation guide example, this is HTTP and HTTPS traffic only. The
following firewall configuration has two terms. The first term matches the target redirect traffic (HTTP/HTTPS)
and, when it matches, puts the traffic into the forwarding instance created in the prior step. That forwarding instance
does one thing: it forwards the traffic to the V10000 P1 port. The second term accepts all other (non-redirected)
traffic. This term is very important: if it is left out, all other traffic is silently discarded, because a firewall
filter has an implicit deny as its last term.
admin@SRX# show rewall
family inet {
lter redirect-to-V10000-alpha {
term web-traic {
from {
protocol tcp;
port [ http https ];
}
then {
routing-instance to-P1-V10000-alpha;
}
}
term default {
then accept;
}
}
}
5. Attach the redirecting firewall-filter to the physical interface attached to the User LAN network segment. The filter
created in the prior step is added to the physical interface as highlighted.
admin@SRX# show interfaces ge-0/0/1
description "To User LAN network";
unit 0 {
    family inet {
        filter {
            input redirect-to-V10000-alpha;
        }
    }
}
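The first-match evaluation and the implicit final discard described in step 4, shown as an added Python example that is not part of the Juniper guide. It parses a constructed copy of the filter, with and without "term default", and models only the protocol and port match conditions; the function names are illustrative.

```python
import re

FILTER = "redirect-to-V10000-alpha"
PORTS = {"http": 80, "https": 443}  # Junos service names used by the filter
# Constructed input: the web-traffic term from step 4, with and without "term default".
WEB_TERM = """term web-traffic {
    from { protocol tcp; port [ http https ]; }
    then { routing-instance to-P1-V10000-alpha; }
}"""
WITH_DEFAULT = "family inet { filter %s { %s term default { then accept; } } }" % (FILTER, WEB_TERM)
WITHOUT_DEFAULT = "family inet { filter %s { %s } }" % (FILTER, WEB_TERM)

def parse(tokens):
    """Parse Junos brace syntax into a list of (words, children) statements."""
    stmts, words = [], []
    while tokens:
        tok = tokens.pop(0)
        if tok == "}":
            break
        if tok in ("{", ";"):
            stmts.append((words, parse(tokens) if tok == "{" else []))
            words = []
        elif tok not in ("[", "]"):
            words.append(tok)
    return stmts

def find_filter(tree, name):
    """Return the term list of the named filter, searching nested blocks."""
    for words, kids in tree:
        found = kids if words == ["filter", name] else find_filter(kids, name)
        if found is not None:
            return found
    return None

def evaluate(cfg, proto, sport, dport):
    """Return the action of the first matching term, or the implicit discard."""
    tree = parse(re.findall(r"[{};\[\]]|[^\s{};\[\]]+", cfg))
    for words, kids in find_filter(tree, FILTER):
        match, action = {}, "accept"  # a term without "then" accepts
        for w, sub in kids:
            body = sub or [(w[1:], [])]  # brace form or one-line form
            if w[0] == "from":
                match = {s[0]: s[1:] for s, _ in body}
            elif w[0] == "then":
                action = " ".join(body[0][0])
        ports = {PORTS.get(p) or int(p) for p in match.get("port", [])}  # "port" = src or dst
        if match.get("protocol", [proto]) == [proto] and (not ports or ports & {sport, dport}):
            return action
    return "discard (implicit final term)"
```

With the default term present, a DNS query (UDP, destination port 53) from the User LAN is accepted; with the term removed, the same packet falls through to the implicit discard while web traffic is still redirected.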