
Set Commands Juniper

This configuration sets up firewall rules, zones, interfaces, and other security settings for a Juniper router. It defines two security zones (Inside and Outside), applies screening and NAT policies between the zones, sets up port mirroring for traffic inspection, and configures SSH, web management, and other services. Logging and alerts are configured for various traffic types.

Uploaded by

jamski1200
Copyright
© Attribution Non-Commercial (BY-NC)

[edit]
root# show | display set
set version 9.2R1.10
set system root-authentication encrypted-password "$1$cck3scuh$uENFKDbFjAL.ABe7YXaJT0"
set system services ssh
set system services web-management http interface ge-0/0/0.0
set system syslog user * any emergency
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces ge-0/0/0 unit 0 family inet filter input port-mirror2
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
set interfaces ge-0/0/1 unit 0 family inet address 71.154.139.20/26
set interfaces ge-0/0/3 unit 0 family inet address 10.0.0.1/30 arp 10.0.0.2 mac 02:00:00:01:01:7a
set forwarding-options port-mirroring family inet input rate 1
set forwarding-options port-mirroring family inet input run-length 0
set forwarding-options port-mirroring family inet output interface ge-0/0/3.0 next-hop 10.0.0.2
set routing-options static route 0.0.0.0/0 next-hop 71.154.139.1
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood queue-size 2000
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security zones security-zone trust tcp-rst
set security zones security-zone untrust screen untrust-screen
set security zones security-zone INSIDE address-book address Insideips 192.168.1.10/32
set security zones security-zone INSIDE interfaces ge-0/0/0.0 host-inbound-traffic system-services all
set security zones security-zone OUTSIDE interfaces ge-0/0/1.0 host-inbound-traffic system-services all
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies from-zone untrust to-zone trust policy default-deny match source-address any
set security policies from-zone untrust to-zone trust policy default-deny match destination-address any
set security policies from-zone untrust to-zone trust policy default-deny match application any
set security policies from-zone untrust to-zone trust policy default-deny then deny
set security policies from-zone INSIDE to-zone OUTSIDE policy NAT match source-address any
set security policies from-zone INSIDE to-zone OUTSIDE policy NAT match destination-address any
set security policies from-zone INSIDE to-zone OUTSIDE policy NAT match application any
set security policies from-zone INSIDE to-zone OUTSIDE policy NAT then permit source-nat interface
set security policies from-zone INSIDE to-zone OUTSIDE policy AllowAll match source-address any
set security policies from-zone INSIDE to-zone OUTSIDE policy AllowAll match destination-address any
set security policies from-zone INSIDE to-zone OUTSIDE policy AllowAll match application any
set security policies from-zone INSIDE to-zone OUTSIDE policy AllowAll then permit
set security policies from-zone OUTSIDE to-zone INSIDE policy AllowAll match source-address any
set security policies from-zone OUTSIDE to-zone INSIDE policy AllowAll match destination-address any
set security policies from-zone OUTSIDE to-zone INSIDE policy AllowAll match application any
set security policies from-zone OUTSIDE to-zone INSIDE policy AllowAll then permit
set firewall family inet filter port-mirror2 term 1 from protocol tcp
set firewall family inet filter port-mirror2 term 1 from port http
set firewall family inet filter port-mirror2 term 1 then port-mirror
set firewall family inet filter port-mirror2 term 1 then accept
set firewall family inet filter port-mirror2 term 2 then accept

[edit]
root#
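A review of the zone and policy lines above, as an added example that is not part of the uploaded document: it parses `set` commands and reports zones whose interfaces have no screen applied, screens attached to zones with no interfaces, interfaces accepting all host-inbound services, cleartext web management, and any/any/any permit policies. The names `audit` and `SAMPLE` and the wording of the findings are assumptions made for this example.

```python
import re
from collections import defaultdict
# Constructed sample: a subset of the set commands from the configuration above.
SAMPLE = """\
set system services web-management http interface ge-0/0/0.0
set security zones security-zone untrust screen untrust-screen
set security zones security-zone INSIDE interfaces ge-0/0/0.0 host-inbound-traffic system-services all
set security zones security-zone OUTSIDE interfaces ge-0/0/1.0 host-inbound-traffic system-services all
set security policies from-zone untrust to-zone trust policy default-deny match source-address any
set security policies from-zone untrust to-zone trust policy default-deny match destination-address any
set security policies from-zone untrust to-zone trust policy default-deny match application any
set security policies from-zone untrust to-zone trust policy default-deny then deny
set security policies from-zone OUTSIDE to-zone INSIDE policy AllowAll match source-address any
set security policies from-zone OUTSIDE to-zone INSIDE policy AllowAll match destination-address any
set security policies from-zone OUTSIDE to-zone INSIDE policy AllowAll match application any
set security policies from-zone OUTSIDE to-zone INSIDE policy AllowAll then permit
"""
ZONE = re.compile(r"set security zones security-zone (\S+) (\S+)(?: (\S+))?(.*)")
POLICY = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (match|then) (\S+) ?(\S*)")

def audit(config):  # hypothetical helper written for this example, not Juniper tooling
    ifaces, screened, policies, findings = defaultdict(list), set(), defaultdict(dict), []
    for line in map(str.strip, config.splitlines()):
        if m := ZONE.match(line):
            zone, keyword, arg, rest = m.groups()
            if keyword == "screen":
                screened.add(zone)
            elif keyword == "interfaces":
                ifaces[zone].append(arg)
                if rest.strip() == "host-inbound-traffic system-services all":
                    findings.append(f"zone {zone}: {arg} accepts all system services")
        elif m := POLICY.match(line):
            src, dst, name, kind, word, value = m.groups()
            # "match <field> <value>" records the field; "then <action> ..." records the action.
            policies[src, dst, name][word if kind == "match" else "action"] = value if kind == "match" else word
        elif line.startswith("set system services web-management http "):
            findings.append("web-management is served over cleartext HTTP")
    for zone in sorted(set(ifaces) - screened):
        findings.append(f"zone {zone}: interfaces bound but no screen applied")
    for zone in sorted(screened - set(ifaces)):
        findings.append(f"zone {zone}: screen applied but zone has no interfaces")
    for (src, dst, name), p in policies.items():
        fields = ("source-address", "destination-address", "application")
        if p.get("action") == "permit" and all(p.get(f) == "any" for f in fields):
            findings.append(f"policy {src}->{dst} {name}: permits any/any/any")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample, the screen findings show that `untrust-screen` is attached to a zone with no interfaces, while `OUTSIDE` (ge-0/0/1.0) has none.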
