富阳教研  

返回   富阳教研 > 网络家园 > 网络技术 > 网络设备

网络设备: 网络硬件设备,包括交换机、路由器、adsl modem 等的讨论(功能,配置、除错等)

回复
 
主题工具 对主题评分 显示模式
旧的 2011-03-13, 11:50 PM   第 1 楼
jacky
管理员
 
jacky的头像
 
帖子: 3,121
声望: 10 jacky is on a distinguished road
来自: 天上人间
注册日期: Feb 2003
使用Yahoo!给 jacky 发送一个信息
Juniper SSG 140 端口映射,映射web服务器(http 80端口)

http://kb.juniper.net/InfoCenter/ind...tent&id=KB6632

关键:让默认http管理端口绕开80。
引用:
set admin port 8080
set interface <interface_name> vip interface-ip 80 http 10.1.1.10
jacky不在线   引用回复
旧的 2011-03-14, 12:09 AM   第 2 楼
jacky
管理员
 
jacky的头像
 
帖子: 3,121
声望: 10 jacky is on a distinguished road
来自: 天上人间
注册日期: Feb 2003
使用Yahoo!给 jacky 发送一个信息
第一次学习配置文件。
注意:此配置文件更改了管理口ip, 但是把服务器放在了DMZ区,结果DMZ区是不能上网的。

引用:
SSG140-> get config
Total Config size 4128:
set clock dst-off
set clock ntp
set clock timezone 8
set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "admin"
set admin password "123456"
set admin port 8080
set admin http redirect
set admin auth web timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "Null"
set interface "ethernet0/2" zone "Null"
set interface "ethernet0/8" zone "DMZ"
set interface "ethernet0/9" zone "Untrust"
set interface ethernet0/0 ip 192.168.1.1/24
set interface ethernet0/0 nat
unset interface vlan1 ip
set interface ethernet0/8 ip 10.9.8.99/24
set interface ethernet0/8 nat
set interface ethernet0/9 ip 202.107.196.28/27
set interface ethernet0/9 nat
set interface ethernet0/9 gateway 202.107.196.1
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/0 ip manageable
set interface ethernet0/8 ip manageable
unset interface ethernet0/9 ip manageable
set interface vlan1 manage mtrace
set interface ethernet0/9 vip interface-ip 80 "HTTP" 10.9.8.28
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set address "DMZ" "web" 10.9.8.28 255.255.255.255
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
set url protocol websense
exit
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 1
exit
set policy id 2 from "DMZ" to "Untrust" "Any" "Any" "ANY" permit
set policy id 2
exit
set policy id 3 name "web 28" from "Untrust" to "DMZ" "Any" "VIP(ethernet0/9)" "ANY" permit
set policy id 3
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set ntp server "192.168.11.1"
set ntp server src-interface "ethernet0/0"
set ntp server backup1 "61.175.193.197"
set ntp server backup1 src-interface "ethernet0/9"
set ntp server backup2 "10.9.8.11"
set ntp server backup2 src-interface "ethernet0/8"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 192.168.0.0/16 interface ethernet0/0 gateway 192.168.1.254
set route 10.0.0.0/8 interface ethernet0/8 gateway 10.9.8.254
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
jacky不在线   引用回复
旧的 2018-09-22, 09:05 PM   第 3 楼
jacky
管理员
 
jacky的头像
 
帖子: 3,121
声望: 10 jacky is on a distinguished road
来自: 天上人间
注册日期: Feb 2003
使用Yahoo!给 jacky 发送一个信息
JUNIPER NS-025-001防火墙:JUNIPER NS-025-001 4个10M/100M以太网端口,100M 防火墙,20M VPN,16000会话数,无限用户数限制,125VPN隧道。

JUNIPER(NetScreen)防火墙全系列:
型 号 描 述

防火墙系列:
JUNIPER NS-5GT-008 5个10M/100M以太网端口,75M 防火墙,20M VPN,2000会话数,10用户数限制,20VPN隧道。
JUNIPER NS-5GT-108 5个10M/100M以太网端口,75M 防火墙,20M VPN,2000会话数,无限用户数限制,20VPN隧道。
JUNIPER NS-025-001 4个10M/100M以太网端口,100M 防火墙,20M VPN,16000会话数,无限用户数限制,125VPN隧道。
JUNIPER NS-050-001 4个10M/100M以太网端口,170M 防火墙,50M VPN,64000会话数,无限用户数限制,500VPN隧道。
JUNIPER NS-050-101 4个10M/100M以太网端口,170M 防火墙,64000会话数不带VPN功能,无限用户数限制。
JUNIPER NS-204-001 4个10M/100M以太网端口,400M 防火墙,200M VPN,128000会话数,无限用户数限制,1000VPN隧道
JUNIPER NS-204-101 4个10M/100M以太网端口,400M 防火墙,不带VPN功能,128000会话数,无限用户数限制。
JUNIPER NS-208-001 8个10M/100M以太网端口,550M 防火墙,200M VPN,无限用户数限制,128000会话数,1000VPN隧道

Baseline系统产品:
JUNIPER NS-025B-001--4个10M/100M以太网端口,100M 防火墙,20M VPN,无限用户数限制。25个VPN隧道,8000会话数,不支持OSPF/BGP,不支持VLAN。
JUNIPER NS-050B-001--4个10M/100M以太网端口,170M 防火墙,50M VPN,无限用户数限制。100个VPN隧道,32000会话数,不支持OSPF/BGP,不支持VLAN。
JUNIPER NS-204B-001--4个10M/100M以太网端口,400M 防火墙,200M VPN,无限用户数限制。500个VPN隧道,64000会话数,不支持OSPF/BGP,不支持VLAN。
JUNIPER NS-208B-001--8个10M/100M以太网端口,550M 防火墙,200M VPN,无限用户数限制。500个VPN隧道,64000会话数,不支持OSPF/BGP,不支持VLAN。

JUNIPER NS-R8A-010 10个VPN客户端许可
JUNIPER NS-R8A-100 100个VPN客户端许可
JUNIPER NS-R8A-110 1000个VPN客户端许可

JUNIPER NS-500ES-GB2-AC--0虚拟系统,2个双GBIC光纤模块,双AC电源,700M防火墙,250M VPN,无限用户数限制,5000个VPN隧道。
JUNIPER NS-500ES-FE2-AC--0虚拟系统,2个双10/100M以太网模块,双AC电源,700M防火墙,250M VPN,无限用户数限制,5000个VPN隧道。
JUNIPER NS-500-UPG-A--NetScreen-500 Baseline to Advanced Upgrade License
JUNIPER NS-500-HF2--N--NetScreen-500 I/O Module - Dual Port Mini GBIC-SX (Mini GBIC Gigabit Ethernet, SX Tranceiver, Dual Port)
JUNIPER NS-500-PWR-AC--NetScreen-500 AC Power Supply
JUNIPER NS-500-PWR-DC--NetScreen-500 DC Power Supply
JUNIPER NS-ISG-2000-P00A-S00 --NS-ISG 2000 Advanced System, 1x4 port 10/100 I/O Module, 2AC power supplies, 0 VSYS
JUNIPER NS-ISG-2000-P01A-S00 --NS-ISG 2000 Advanced System, 1x8 port 10/100 I/O Module, 2AC power supplies, 0 VSYS
JUNIPER NS-ISG-2000-P02A-S00 --NS-ISG 2000 Advanced System, 1 Dual-Port mini-GBIC SX Transceiver I/O Module, 2 AC power supplies, 0 VSYS
JUNIPER NS-ISG-2000-UPG-A --NetScreen-ISG 2000 Upgrade Baseline to Advanced
JUNIPER NS-ISG-2000-SX2--NetScreen-ISG 2000 I/O Module-Dual Port Mini GBIC-SX (SX Transceivers included)
JUNIPER NS-ISG-2000-FE8--NetScreen-ISG 2000 I/O Module-8 Port 10/100 Fast Ethernet
JUNIPER NS-ISG-2000-TX2--NetScreen-ISG 2000 I/O Module-Dual Port 10/100/1000 Gigabit Copper

SSG-140新出产品:
JUNIPER SSG-5-SB Security Services Gateway 5 with RS-232 Aux backup, 128 MB Memory
JUNIPER SSG-20-SB Security Services Gateway 20 with 2 port Mini-PIM slots, 128 MB Memory
JUNIPER SSG-520B-001 SSG 520 System, 256 MB DRAM, AC Power
JUNIPER SSG-520-001 SSG 520 System, 1GB DRAM, AC Power
JUNIPER SSG-520-001-DC SSG 520 System, 1GB DRAM, DC Power
JUNIPER SSG-550B-001 SSG 550 System, 256 MB DRAM, 1 AC Power supply
JUNIPER SSG-550-001 SSG 550 System, 1GB DRAM, 1 AC Power Supply
JUNIPER SSG-550-001-DC SSG 550 System, 1GB DRAM, 1 DC Power Supply

JUNIPER SA2000 Secure Access 2000 Base System
JUNIPER SA4000 Secure Access 4000 Base System
JUNIPER SA6000 Secure Access 6000 Base System
jacky不在线   引用回复
回复

主题工具
显示模式 评价此主题
评价此主题:

论坛规则  发贴规则
不可以发表主师
不可以回复帖子
不可以上传附件
不可以编辑自己的帖子
论坛开启 vB 代码
[IMG]代码 开启
HTML代码 关闭


所有时间均为GMT北京时间. 现在时间是 03:49 AM

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
富阳教研网 版权所有