富阳教研  

返回   富阳教研 > 网络家园 > 网络技术 > 网络设备

网络设备: 网络硬件设备,包括交换机、路由器、adsl modem 等的讨论(功能,配置、除错等)

回复
 
主题工具 对主题评分 显示模式
旧的 2019-02-28, 10:49 PM   第 1 楼
jacky
管理员
 
jacky的头像
 
帖子: 3,151
声望: 10 jacky is on a distinguished road
来自: 天上人间
注册日期: Feb 2003
使用Yahoo!给 jacky 发送一个信息
Juniper SRX240H root@HB-YT-SRX240H-01

root@HB-YT-SRX240H-01> show configuration
## Last commit: 2019-02-28 22:14:13 CST by root
version 12.1X44-D45.2;
代码:
system {
    host-name HB-YT-SRX240H-01;
    time-zone Asia/Shanghai;
    authentication-order [ radius password ];
    root-authentication {
        encrypted-password "$1$zzBT9.L.$YxLik5sKUXy5KLbvUAHY00"; ## SECRET-DATA
    }
    name-server {
        202.102.128.68;
        202.102.134.68;
        219.146.0.130;
    }
    radius-server {
        10.116.219.42 {
            port 1812;
            secret "$9$cIAyvWX7-w24x7k.fT3n"; ## SECRET-DATA
        }
    }
    login {
        class sfadmin {
            idle-timeout 15;
            permissions all;
        }
        class show {
            idle-timeout 15;
            permissions [ view view-configuration ];
        }
        class super-user-local {
            idle-timeout 15;
            permissions all;
        }
        user 015723 {
            uid 2002;
            class sfadmin;
        }
        user 077940 {
            uid 2003;
            class sfadmin;
        }
        user 083575 {
            uid 2004;
            class sfadmin;
        }
        user 084118 {
            uid 2005;
            class sfadmin;
        }
        user 085631 {
            uid 2006;
            class sfadmin;
        }
        user 145994 {
            uid 2013;
            class read-only;
        }
        user 194973 {
            uid 2009;
            class sfadmin;
        }
        user 198541 {
            uid 2014;
            class sfadmin;
        }
        user 215886 {
            uid 2008;
            class sfadmin;
        }
        user 260064 {
            uid 2012;
            class sfadmin;
        }
        user 276756 {
            uid 2111;
            class sfadmin;
        }
        user 358391 {
            uid 2018;
            class sfadmin;
        }
        user 474386 {
            uid 2019;
            class read-only;
        }
        user 483872 {
            uid 2030;
            class sfadmin;
        }
        user 592969 {
            uid 2001;
            class sfadmin;
        }
        user sfadmin {
            uid 3001;
            class super-user;
            authentication {
                encrypted-password "$1$RZy95aF2$u72tXGGpfDX6o29Y46xtQ."; ## SECRET-DATA
            }
        }
        user show {
            uid 3002;
            class show;
            authentication {
                encrypted-password "$1$CS6XxvdK$cMhCy19fxAGvpmzICAlIz0"; ## SECRET-DATA
            }
        }
    }
    services {
        ssh;
        xnm-clear-text;
        web-management {
            http {
                interface [ vlan.0 vlan.3 ];
            }
            https {
                system-generated-certificate;
                interface [ vlan.0 vlan.3 ];
            }
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        host 10.0.40.40 {
            any any;
        }
        host 10.116.219.44 {
            any any;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ntp {
        server 10.111.113.5;
        server 10.116.218.66;
        server 10.116.218.67;
        server 10.110.218.66;
    }
}
interfaces {
    interface-range interfaces-trust {
        member ge-0/0/1;
        member ge-0/0/3;
        member ge-0/0/8;
        member ge-0/0/9;
        member ge-0/0/10;
        member ge-0/0/11;
        member ge-0/0/12;
        member ge-0/0/13;
        member ge-0/0/14;
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    interface-range interfaces-trust7 {
        member ge-0/0/5;
        member ge-0/0/6;
        member ge-0/0/7;
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust7;
                }
            }
        }
    }
    ge-0/0/0 {
        unit 0 {
            family inet;
        }
    }
    gr-0/0/0 {
        unit 0 {
            family inet;
        }
        unit 1 {
            tunnel {
                source 219.146.138.7;
                destination 219.134.187.236;
            }
            family inet {
                mtu 1476;
                address 192.168.254.162/30;
            }
        }
        unit 2 {
            tunnel {
                source 219.146.138.7;
                destination 222.173.169.162;
            }
            family inet {
                mtu 1476;
                address 192.168.250.161/30;
            }
        }
        unit 3 {
            tunnel {
                source 219.146.138.7;
                destination 58.57.5.50;
            }
            family inet {
                mtu 1476;
                address 192.168.240.161/30;
            }
        }
        unit 43 {
            description To_SK_VPN;
            tunnel {
                source 219.146.138.7;
                destination 119.147.212.14;
            }
            family inet {
                mtu 1476;
                address 192.168.234.162/30;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    gr-0/0/1 {
        unit 3 {
            family inet;
        }
    }
    fe-0/0/2 {
        disable;
    }
    ge-0/0/2 {
        unit 0 {
            family inet {
                address 221.0.94.25/28;
            }
        }
    }
    fe-0/0/3 {
        disable;
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/4 {
        unit 0 {
            family inet {
                filter {
                    input NTP;
                }
                address 219.146.138.6/26;
            }
        }
    }
    gr-0/0/4 {
        unit 0;
    }
    ge-0/0/5 {
        disable;
        unit 0 {
            disable;
            family ethernet-switching;
        }
    }
    fe-0/0/6 {
        disable;
    }
    ge-0/0/6 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/7 {
        disable;
    }
    ge-0/0/7 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/8 {
        disable;
    }
    ge-0/0/8 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/9 {
        disable;
    }
    ge-0/0/9 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/10 {
        disable;
    }
    ge-0/0/10 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/11 {
        disable;
    }
    ge-0/0/11 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/12 {
        disable;
    }
    ge-0/0/12 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/13 {
        disable;
    }
    ge-0/0/13 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/14 {
        disable;
    }
    ge-0/0/14 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/15 {
        disable;
    }
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input local-sec;
                }
            }
        }
    }
    vlan {
        description "connect to LAN";
        unit 0 {
            family inet;
        }
        unit 2 {
            family inet;
        }
        unit 3 {
            description to-LAN;
            family inet {
                address 10.84.0.251/24;
            }
        }
        unit 7 {
            family inet;
        }
    }
}
event-options {
    policy init-chk-1 {
        events system;
        attributes-match {
            system.message matches "Host 0 Boot from backup root";
        }
        then {
            execute-commands {
                commands {
                    "request system software rollback";
                    "request system snapshot media internal slice alternate";
                }
            }
        }
    }
}
snmp {
    community supersafe {
        authorization read-only;
        clients {
            0.0.0.0/0 restrict;
            10.84.7.156/32;
            10.84.0.109/32;
            10.111.230.20/32;
            10.0.40.0/24;
            10.0.47.0/24;
            10.111.220.0/24;
            10.111.230.0/24;
            10.116.218.0/24;
            10.118.88.0/24;
            10.84.7.119/32;
            10.110.218.0/24;
            10.36.8.12/24;
            100.118.127.0/24;
            10.119.217.0/24;
            10.151.217.0/24;
        }
    }
}
routing-options {
    traceoptions {
        file routing-log;
    }
    static {
        route 0.0.0.0/0 {
            next-hop 219.146.138.1;
            qualified-next-hop 221.0.94.17 {
                preference 10;
            }
        }
        route 10.84.0.0/16 next-hop 10.84.0.253;
        route 10.84.21.0/24 next-hop 192.168.240.162;
        route 10.86.1.0/24 next-hop 192.168.250.162;
        route 10.86.2.0/24 next-hop 192.168.250.162;
        route 10.0.0.0/8 next-hop 10.84.0.253;
    }
}
protocols {
    inactive: ospf {
        traceoptions {
            file ospf-log size 10k files 5;
            flag lsa-ack;
            flag database-description;
            flag hello;
            flag lsa-update;
            flag lsa-request;
        }
        export staticTOospf;
    }
    stp;
}
policy-options {
    policy-statement staticTOospf {
        from {
            route-filter 10.84.0.0/24 orlonger;
        }
        then accept;
    }
}
security {
    alg {
        dns disable;
        ftp disable;
        h323 disable;
        mgcp disable;
        msrpc disable;
        sunrpc disable;
        rsh disable;
        rtsp disable;
        sccp disable;
        sip disable;
        sql disable;
        talk disable;
        tftp disable;
        pptp disable;
    }
    flow {
        tcp-mss {
            all-tcp {
                mss 1400;
            }
        }
        inactive: tcp-session {
            no-syn-check;
            no-sequence-check;
        }
    }
    nat {
        source {
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
            policy sfsystemip {
                match {
                    source-address any;
                    destination-address sfsystem;
                    application any;
                }
                then {
                    permit;
                }
            }
            policy tuda_client {
                match {
                    source-address any;
                    destination-address tuda_client;
                    application any;
                }
                then {
                    permit;
                }
            }
            policy sfsystem2016 {
                match {
                    source-address any;
                    destination-address sfsystem2016;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone trust {
            policy 1 {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
            policy trust-to-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy unt-2-w_8095 {
                match {
                    source-address any;
                    destination-address web_10.84.7.95/32;
                    application tcp_8095;
                }
                then {
                    permit;
                }
            }
            policy unt-2-w_9500 {
                match {
                    source-address any;
                    destination-address ip_10.84.0.245;
                    application tcp_9500;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone trust {
            address-book {
                address web_10.84.7.95/32 10.84.7.95/32;
                address ip_10.84.0.245 10.84.0.245/32;
            }
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0;
                vlan.3;
                gr-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
                gr-0/0/0.2 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
                gr-0/0/0.1 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
                gr-0/0/0.3 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
                gr-0/0/0.43;
            }
        }
        security-zone untrust {
            address-book {
                address sfsystem_1 119.145.36.64/29;
                address sfsystem_2 58.251.70.28/32;
                address sfsystem_3 58.251.70.58/31;
                address sfsystem_4 58.251.70.60/30;
                address sfsystem_5 58.251.70.64/28;
                address sfsystem_6 58.251.70.80/29;
                address sfsystem_7 58.251.70.88/31;
                address sfsystem_8 112.95.153.48/29;
                address sfsystem_9 113.106.167.16/28;
                address sfsystem_10 118.122.122.0/24;
                address sfsystem_11 119.145.10.176/28;
                address sfsystem_12 119.6.15.176/28;
                address sfsystem_13 121.12.251.0/27;
                address sfsystem_14 121.12.251.64/28;
                address sfsystem_15 121.15.169.0/27;
                address sfsystem_16 121.15.169.32/28;
                address sfsystem_17 122.193.143.224/28;
                address sfsystem_18 183.62.205.224/28;
                address sfsystem_19 210.21.231.0/26;
                address sfsystem_20 211.4.197.48/28;
                address sfsystem_21 211.139.168.176/29;
                address sfsystem_22 218.90.184.224/28;
                address sfsystem_23 219.128.48.176/28;
                address sfsystem_24 219.134.187.128/27;
                address sfsystem_25 219.134.187.192/26;
                address sfsystem_26 220.248.224.152/29;
                address sfsystem_28 220.248.243.96/29;
                address sfsystem_29 221.4.199.128/26;
                address sfsystem_30 221.6.103.112/29;
                address sfsystem_31 58.214.20.168/29;
                address sfsystem_32 58.215.194.136/29;
                address sfsystem_33 58.251.25.64/27;
                address sfsystem_34 58.61.142.0/28;
                address sfsystem_35 58.61.142.160/27;
                address sfsystem_36 58.61.29.224/28;
                address sfsystem_38 61.132.128.64/29;
                address sfsystem_39 61.160.98.120/29;
                address sfsystem_40 61.190.38.144/28;
                address sfsystem_41 10.0.0.0/8;
                address sfsystem_42 192.168.0.0/16;
                address sfsystem_27 220.248.243.0/24;
                address sfsystem_37 61.141.192.0/24;
                address ftp 219.146.138.7/32;
                address sfsystem_60 219.146.138.0/26;
                address tuda_client_1 219.146.132.0/24;
                address tuda_client_2 58.57.4.112/29;
                address tuda_client_3 122.4.203.0/24;
                address icbc_1 60.247.99.0/24;
                address icbc_2 219.142.91.0/24;
                address sfsystem_57_sk_ct 119.147.212.0/25;
                address sfsystem_60_sfpay_ecs 42.120.61.146/32;
                address sfsystem_61 112.95.135.0/24;
                address sfsystem_jinrongCT 218.17.245.128/25;
                address sfsystem_jinrongCNC 58.250.175.128/25;
                address sfsystem_jinrongMB 123.58.44.0/26;
                address ip_58.250.32.128/25 58.250.32.128/25;
                address ip_218.17.32.0/25 218.17.32.0/25;
                address ip_14.215.91.32/27 14.215.91.32/27;
                address ip_123.58.53.32/27 123.58.53.32/27;
                address sfsystem_116.228.167.0/24 116.228.167.0/24;
                address sfsystem_211.147.239.0/24 211.147.239.0/24;
                address sfsystem201601 218.17.130.0/24;
                address sfsystem201602 218.17.131.0/24;
                address sfsystem201603 202.104.112.142/32;
                address sfsystem201604 202.104.112.143/32;
                address sfsystem201605 202.104.112.144/28;
                address sfsystem201606 202.104.112.160/27;
                address sfsystem201607 123.58.40.0/24;
                address sfsystem201608 123.58.41.0/24;
                address sfsystem201609 123.58.57.142/32;
                address sfsystem201610 123.58.57.143/32;
                address sfsystem201611 123.58.57.144/28;
                address sfsystem201612 123.58.57.160/27;
                address sfsystem201613 14.215.77.0/27;
                address sfsystem201614 123.58.52.0/27;
                address sfsystem201615 211.150.76.0/24;
                address sfsystem201616 211.150.77.0/24;
                address sfsystem201617 112.17.251.0/24;
                address sfsystem201618 121.52.248.0/24;
                address sfsystem201619 120.193.39.0/24;
                address sfsystem201620 111.40.197.0/24;
                address sfsystem201621 117.135.131.0/24;
                address sfsystem201622 117.158.172.0/24;
                address sfsystem201623 117.159.48.0/24;
                address sfsystem201624 117.169.17.0/24;
                address sfsystem201625 223.99.238.0/24;
                address sfsystem201626 120.192.65.0/24;
                address sfsystem201627 120.210.205.0/24;
                address sfsystem201628 120.198.231.0/24;
                address sfsystem201629 101.251.145.0/24;
                address sfsystem201630 123.138.245.0/24;
                address sfsystem201631 124.95.153.0/24;
                address sfsystem201632 125.46.40.0/24;
                address sfsystem201633 221.204.210.0/24;
                address sfsystem201634 43.240.58.0/24;
                address sfsystem201635 61.163.46.0/24;
                address sfsystem201636 61.156.242.0/24;
                address sfsystem201637 61.162.184.0/24;
                address sfsystem201638 61.55.172.0/24;
                address sfsystem201639 111.161.114.0/24;
                address sfsystem201640 202.110.64.0/24;
                address sfsystem201641 218.56.152.0/24;
                address sfsystem201642 111.177.111.0/24;
                address sfsystem201643 58.211.82.0/24;
                address sfsystem201644 113.107.183.0/24;
                address sfsystem201645 117.23.59.0/24;
                address sfsystem201646 124.232.138.0/24;
                address sfsystem201647 14.17.103.0/24;
                address sfsystem201648 182.105.146.0/24;
                address sfsystem201649 182.87.223.0/24;
                address sfsystem201650 60.191.192.0/24;
                address sfsystem201651 218.75.201.0/24;
                address sfsystem201652 222.186.19.0/24;
                address sfsystem201653 222.186.46.0/24;
                address sfsystem201654 61.183.35.0/24;
                address sfsystem201655 61.183.41.0/24;
                address sfsystem201656 61.191.61.0/24;
                address sfsystem201657 61.136.166.0/24;
                address sfsystem201658 183.131.54.0/24;
                address sfsystem201659 115.182.226.0/24;
                address sfsystem201660 119.9.105.0/24;
                address sfsystem201661 119.9.109.0/24;
                address sfsystem201662 183.129.244.0/24;
                address sfsystem201663 210.14.128.0/24;
                address sfsystem201664 175.25.18.0/24;
                address sfsystem201665 115.236.77.0/24;
                address sfsystem201666 124.160.93.0/24;
                address sfsystem201667 150.138.216.0/24;
                address sfsystem201668 27.221.101.0/24;
                address sfsystem201669 223.99.229.0/24;
                address sfsystem201670 61.160.196.0/24;
                address sfsystem201671 112.82.243.0/24;
                address sfsystem201672 112.21.182.0/24;
                address sfsystem201673 180.97.171.0/24;
                address sfsystem201674 112.82.243.0/24;
                address sfsystem201675 120.195.110.0/24;
                address sfsystem201676 222.175.101.0/24;
                address sfsystem201677 119.188.27.0/24;
                address sfsystem201678 223.99.6.0/24;
                address sfsystem201679 150.138.142.0/24;
                address sfsystem201680 123.234.3.0/24;
                address sfsystem201681 223.99.126.0/24;
                address sfsystem201682 123.162.189.0/24;
                address sfsystem201683 61.54.29.0/24;
                address sfsystem201684 111.7.132.0/24;
                address sfsystem201685 110.249.214.0/24;
                address sfsystem201686 124.239.180.0/24;
                address sfsystem201687 111.63.0.0/24;
                address sfsystem201688 111.161.7.0/24;
                address sfsystem201689 42.81.53.0/24;
                address sfsystem201690 117.131.196.0/24;
                address sfsystem201691 60.28.119.0/24;
                address sfsystem201692 123.151.175.0/24;
                address sfsystem201693 111.30.60.0/24;
                address sfsystem_119.253.82.0/32 119.253.82.0/32;
                address sfsystem201607_222.185.235.48/29 222.185.235.48/29;
                address sfsystem201607_221.226.4.72/29 221.226.4.72/29;
                address sfsystem201607_218.90.161.88/29 218.90.161.88/29;
                address-set sfsystem {
                    address sfsystem_1;
                    address sfsystem_2;
                    address sfsystem_3;
                    address sfsystem_4;
                    address sfsystem_5;
                    address sfsystem_6;
                    address sfsystem_7;
                    address sfsystem_8;
                    address sfsystem_9;
                    address sfsystem_10;
                    address sfsystem_11;
                    address sfsystem_12;
                    address sfsystem_13;
                    address sfsystem_14;
                    address sfsystem_15;
                    address sfsystem_16;
                    address sfsystem_17;
                    address sfsystem_18;
                    address sfsystem_19;
                    address sfsystem_20;
                    address sfsystem_21;
                    address sfsystem_22;
                    address sfsystem_23;
                    address sfsystem_24;
                    address sfsystem_25;
                    address sfsystem_26;
                    address sfsystem_27;
                    address sfsystem_28;
                    address sfsystem_29;
                    address sfsystem_30;
                    address sfsystem_31;
                    address sfsystem_32;
                    address sfsystem_33;
                    address sfsystem_34;
                    address sfsystem_35;
                    address sfsystem_36;
                    address sfsystem_37;
                    address sfsystem_38;
                    address sfsystem_39;
                    address sfsystem_40;
                    address sfsystem_41;
                    address sfsystem_42;
                    address sfsystem_60;
                    address icbc_1;
                    address icbc_2;
                    address sfsystem_57_sk_ct;
                    address sfsystem_60_sfpay_ecs;
                    address sfsystem_61;
                    address sfsystem_jinrongCT;
                    address sfsystem_jinrongCNC;
                    address sfsystem_jinrongMB;
                    address ip_58.250.32.128/25;
                    address ip_218.17.32.0/25;
                    address ip_14.215.91.32/27;
                    address ip_123.58.53.32/27;
                    address sfsystem_116.228.167.0/24;
                    address sfsystem_211.147.239.0/24;
                    address sfsystem201601;
                    address sfsystem201602;
                    address sfsystem201603;
                    address sfsystem201604;
                    address sfsystem201605;
                    address sfsystem201606;
                    address sfsystem201607;
                    address sfsystem201608;
                    address sfsystem201609;
                    address sfsystem201610;
                    address sfsystem201611;
                    address sfsystem201612;
                    address sfsystem201613;
                    address sfsystem201614;
                    address sfsystem201615;
                    address sfsystem201616;
                    address sfsystem201617;
                    address sfsystem201618;
                    address sfsystem201619;
                    address sfsystem201620;
                    address sfsystem201621;
                    address sfsystem201622;
                    address sfsystem201623;
                    address sfsystem201624;
                    address sfsystem201625;
                    address sfsystem201626;
                    address sfsystem201627;
                    address sfsystem201628;
                    address sfsystem201629;
                    address sfsystem201630;
                    address sfsystem201631;
                    address sfsystem201632;
                    address sfsystem201633;
                    address sfsystem201634;
                    address sfsystem201635;
                    address sfsystem201636;
                    address sfsystem201637;
                    address sfsystem201638;
                    address sfsystem201639;
                    address sfsystem201640;
                    address sfsystem201641;
                    address sfsystem201642;
                    address sfsystem201643;
                    address sfsystem201644;
                    address sfsystem201645;
                    address sfsystem201646;
                    address sfsystem201647;
                    address sfsystem201648;
                    address sfsystem201649;
                    address sfsystem201650;
                    address sfsystem201651;
                    address sfsystem201652;
                    address sfsystem201653;
                    address sfsystem201654;
                    address sfsystem201655;
                    address sfsystem201656;
                    address sfsystem201657;
                    address sfsystem201658;
                    address sfsystem201659;
                    address sfsystem201660;
                    address sfsystem201661;
                    address sfsystem201662;
                    address sfsystem201663;
                    address sfsystem201664;
                    address sfsystem201665;
                    address sfsystem201666;
                    address sfsystem201667;
                    address sfsystem201668;
                    address sfsystem201669;
                    address sfsystem201670;
                    address sfsystem201671;
                    address sfsystem201672;
                    address sfsystem201673;
                    address sfsystem201674;
                    address sfsystem201675;
                    address sfsystem201676;
                    address sfsystem201677;
                    address sfsystem201678;
                    address sfsystem201679;
                    address sfsystem201680;
                    address sfsystem201681;
                    address sfsystem201682;
                    address sfsystem201683;
                    address sfsystem201684;
                    address sfsystem201685;
                    address sfsystem201686;
                    address sfsystem201687;
                    address sfsystem201688;
                    address sfsystem201689;
                    address sfsystem201690;
                    address sfsystem201691;
                    address sfsystem201692;
                    address sfsystem201693;
                    address sfsystem_119.253.82.0/32;
                    address sfsystem201607_222.185.235.48/29;
                    address sfsystem201607_221.226.4.72/29;
                    address sfsystem201607_218.90.161.88/29;
                }
                address-set FTP {
                    address ftp;
                }
                address-set tuda_client {
                    address tuda_client_1;
                    address tuda_client_2;
                    address tuda_client_3;
                }
                address-set sfsystem2016 {
                    address sfsystem201601;
                    address sfsystem201602;
                    address sfsystem201603;
                    address sfsystem201604;
                    address sfsystem201605;
                    address sfsystem201606;
                    address sfsystem201607;
                    address sfsystem201608;
                    address sfsystem201609;
                    address sfsystem201610;
                    address sfsystem201611;
                    address sfsystem201612;
                    address sfsystem201613;
                    address sfsystem201614;
                    address sfsystem201615;
                    address sfsystem201616;
                    address sfsystem201617;
                    address sfsystem201618;
                    address sfsystem201619;
                    address sfsystem201620;
                    address sfsystem201621;
                    address sfsystem201622;
                    address sfsystem201623;
                    address sfsystem201624;
                    address sfsystem201625;
                    address sfsystem201626;
                    address sfsystem201627;
                    address sfsystem201628;
                    address sfsystem201629;
                    address sfsystem201630;
                    address sfsystem201631;
                    address sfsystem201632;
                    address sfsystem201633;
                    address sfsystem201634;
                    address sfsystem201635;
                    address sfsystem201636;
                    address sfsystem201637;
                    address sfsystem201638;
                    address sfsystem201639;
                    address sfsystem201640;
                    address sfsystem201641;
                    address sfsystem201642;
                    address sfsystem201643;
                    address sfsystem201644;
                    address sfsystem201645;
                    address sfsystem201646;
                    address sfsystem201647;
                    address sfsystem201648;
                    address sfsystem201649;
                    address sfsystem201650;
                    address sfsystem201651;
                    address sfsystem201652;
                    address sfsystem201653;
                    address sfsystem201654;
                    address sfsystem201655;
                    address sfsystem201656;
                    address sfsystem201657;
                    address sfsystem201658;
                    address sfsystem201659;
                    address sfsystem201660;
                    address sfsystem201661;
                    address sfsystem201662;
                    address sfsystem201663;
                    address sfsystem201664;
                    address sfsystem201665;
                    address sfsystem201666;
                    address sfsystem201667;
                    address sfsystem201668;
                    address sfsystem201669;
                    address sfsystem201670;
                    address sfsystem201671;
                    address sfsystem201672;
                    address sfsystem201673;
                    address sfsystem201674;
                    address sfsystem201675;
                    address sfsystem201676;
                    address sfsystem201677;
                    address sfsystem201678;
                    address sfsystem201679;
                    address sfsystem201680;
                    address sfsystem201681;
                    address sfsystem201682;
                    address sfsystem201683;
                    address sfsystem201684;
                    address sfsystem201685;
                    address sfsystem201686;
                    address sfsystem201687;
                    address sfsystem201688;
                    address sfsystem201689;
                    address sfsystem201690;
                    address sfsystem201691;
                    address sfsystem201692;
                    address sfsystem201693;
                }
            }
            host-inbound-traffic {
                system-services {
                    telnet;
                }
            }
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            ssh;
                            ping;
                        }
                    }
                }
                ge-0/0/4.0 {
                    host-inbound-traffic {
                        system-services {
                            ssh;
                            ping;
                        }
                    }
                }
            }
        }
        security-zone wire {
            address-book {
                address oralce_10.84.7.95/32 10.84.7.95/32;
            }
        }
    }
}
firewall {
    family inet {
        filter local-sec {
            term sec-in1 {
                from {
                    source-address {
                        10.110.216.0/24;
                        10.116.218.0/24;
                        10.116.216.0/24;
                        218.17.224.0/24;
                        58.250.206.0/24;
                        183.56.162.0/24;
                        112.95.227.0/24;
                        10.84.0.0/24;
                        10.118.88.5/32;
                        10.118.88.0/24;
                        100.118.127.0/24;
                        10.119.217.0/24;
                        10.151.217.0/24;
                    }
                    destination-port ssh;
                }
                then accept;
            }
            term sec-in2 {
                from {
                    destination-port [ telnet ssh ];
                }
                then {
                    discard;
                }
            }
            term sec-in3 {
                then accept;
            }
        }
    }
    filter NTP {
        term allow-ntp {
            from {
                source-address {
                    10.0.16.238/32;
                }
                protocol udp;
                port ntp;
            }
            then accept;
        }
        term block-ntp {
            from {
                protocol udp;
                port ntp;
            }
            then {
                count ntp-counter;
                discard;
            }
        }
        term default {
            then accept;
        }
    }
}
applications {
    application tcp_8095 {
        protocol tcp;
        destination-port 8095;
    }
    application tcp_9500 {
        protocol tcp;
        destination-port 9500;
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.3;
    }
    vlan-trust7 {
        vlan-id 7;
    }
}
jacky不在线   引用回复
旧的 2019-02-28, 10:53 PM   第 2 楼
jacky
管理员
 
jacky的头像
 
帖子: 3,151
声望: 10 jacky is on a distinguished road
来自: 天上人间
注册日期: Feb 2003
使用Yahoo!给 jacky 发送一个信息
root@HB-YT-SRX240H-01> show system license
引用:
License usage:
Licenses Licenses Licenses Expiry
Feature name used installed needed
dynamic-vpn 0 2 0 permanent
ax411-wlan-ap 0 2 0 permanent
logical-system 0 1 0 permanent

Licenses installed: none
jacky不在线   引用回复
旧的 2019-02-28, 11:00 PM   第 3 楼
jacky
管理员
 
jacky的头像
 
帖子: 3,151
声望: 10 jacky is on a distinguished road
来自: 天上人间
注册日期: Feb 2003
使用Yahoo!给 jacky 发送一个信息
juniper srx "Rescue configuration is not set"

以上内容如果看不懂。。但仍有告警

引用:
request system autorecovery state save


request system configuration rescue

这两条命令,运行一下,就完事了。
jacky不在线   引用回复
回复

主题工具
显示模式 评价此主题
评价此主题:

论坛规则  发贴规则
不可以发表主师
不可以回复帖子
不可以上传附件
不可以编辑自己的帖子
论坛开启 vB 代码
[IMG]代码 开启
HTML代码 关闭


所有时间均为GMT北京时间. 现在时间是 09:27 AM

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
富阳教研网 版权所有