 |
Note: This firewall filter is only an example; do not copy the addressing specifics and use them on an actual system. |
You configure JUNOScope access to use the xnm-ssh service on the routing platform. JUNOS software for Common Criteria does not support the xnm-clear-text network management service.
This example firewall filter limits JUNOScope access to the authorized client address 192.168.115.34. The filter is applied to the dedicated management interface or the fxp0 management interface as an input filter, and logs and rejects (silently discards) any invalid JUNOScope access events.
You must also configure JUNOScope to use the xnm-ssh service with valid SSH certificates. For more information on JUNOScope, see the JUNOScope Software User Guide and JUNOScript API Guide.
|
Note: This firewall filter is only an example; do not copy the addressing specifics and use them on an actual system. |
Configure the firewall filter:
- [edit firewall family inet]
- filter CC_JUNOScope_Access {
-
- term JUNOScope_client {
-
- from {
-
- source-address {
- 192.168.115.34;
- }
- protocol tcp;
- destination-port 3221;
- }
- then accept;
- }
-
- term access-denied {
-
- then {
- log;
- reject;
- }
- }
- }
Apply as an input filter to lo0:
- [edit interfaces lo0 unit 0 family inet]
- filter {
- input CC_MGR_Access;
- }
 | Copyright © 2008, Juniper Networks, Inc. All Rights Reserved. Trademark Notice. | |