
CLI Configuration

  1. Set interfaces and assign them to security zones.
    user@host# set interfaces ge-0/0/0 unit 0 family inet address 1.2.2.1/24
    user@host# set interfaces fe-1/0/0 unit 0 family inet address 1.1.1.1/24
    user@host# set security zones security-zone zone_dmz interfaces ge-0/0/0.0
    user@host# set security zones security-zone zone_external interfaces fe-1/0/0.0
  2. Define addresses and group them in an address set.
    user@host# set security zones security-zone zone_dmz address-book address ws1 1.2.2.10/32
    user@host# set security zones security-zone zone_dmz address-book address ws2 1.2.2.20/32
    user@host# set security zones security-zone zone_dmz address-book address ws3 1.2.2.30/32
    user@host# set security zones security-zone zone_dmz address-book address ws4 1.2.2.40/32
    user@host# set security zones security-zone zone_dmz address-book address-set web_servers address ws1
    user@host# set security zones security-zone zone_dmz address-book address-set web_servers address ws2
    user@host# set security zones security-zone zone_dmz address-book address-set web_servers address ws3
    user@host# set security zones security-zone zone_dmz address-book address-set web_servers address ws4
  3. Configure policy.
    user@host# set security policies from-zone zone_external to-zone zone_dmz policy id_1 match source-address any
    user@host# set security policies from-zone zone_external to-zone zone_dmz policy id_1 match destination-address web_servers
    user@host# set security policies from-zone zone_external to-zone zone_dmz policy id_1 match application junos-http
    user@host# set security policies from-zone zone_external to-zone zone_dmz policy id_1 then permit
  4. Configure SCREEN options and apply them to the external zone.
    user@host# set security screen ids-option zone_external-syn-flood tcp syn-flood alarm-threshold 250
    user@host# set security screen ids-option zone_external-syn-flood tcp syn-flood attack-threshold 625
    user@host# set security screen ids-option zone_external-syn-flood tcp syn-flood source-threshold 25
    user@host# set security screen ids-option zone_external-syn-flood tcp syn-flood timeout 20
    user@host# set security zones security-zone zone_external screen zone_external-syn-flood
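
A screen profile only takes effect once it is applied to a zone, and address-set and policy entries must name objects that exist in the right zone's address book. The following is an added example, not part of the original documentation or any Juniper tool: a small offline check over `set` commands that reports such dangling references. The `audit` function, its finding messages and the rule that a policy's source zone should have a screen are assumptions of this example; the sample input is a constructed subset of the commands above.

```python
import re

# Constructed input: a subset of the zone, policy and screen commands above.
CONFIG = """
user@host# set security zones security-zone zone_dmz interfaces ge-0/0/0.0
user@host# set security zones security-zone zone_external interfaces fe-1/0/0.0
user@host# set security zones security-zone zone_dmz address-book address ws1 1.2.2.10/32
user@host# set security zones security-zone zone_dmz address-book address-set web_servers address ws1
user@host# set security policies from-zone zone_external to-zone zone_dmz policy id_1 match source-address any
user@host# set security policies from-zone zone_external to-zone zone_dmz policy id_1 match destination-address web_servers
user@host# set security screen ids-option zone_external-syn-flood tcp syn-flood attack-threshold 625
user@host# set security zones security-zone zone_external screen zone_external-syn-flood
"""

def audit(config):
    """Return sorted findings for dangling references among `set` commands."""
    screens, bound, addrs, sets, members, refs = set(), {}, {}, {}, [], []
    for line in config.splitlines():
        t = re.sub(r"^\S+@\S+#\s*", "", line.strip()).split()  # drop CLI prompt
        if t[:4] == ["set", "security", "screen", "ids-option"] and len(t) > 4:
            screens.add(t[4])                      # screen profile definition
        elif t[:4] == ["set", "security", "zones", "security-zone"] and len(t) > 6:
            zone = t[4]
            if t[5] == "screen":
                bound[zone] = t[6]                 # profile applied to a zone
            elif t[5] == "address-book" and len(t) > 7:
                kind = addrs if t[6] == "address" else sets
                kind.setdefault(zone, set()).add(t[7])
                if t[6] == "address-set" and t[8:9] == ["address"] and len(t) > 9:
                    members.append((zone, t[7], t[9]))
        elif (t[:3] == ["set", "security", "policies"] and t[9:10] == ["match"]
              and len(t) > 11 and t[10].endswith("-address")):
            # source addresses live in the from-zone book, destinations in the to-zone
            side = t[4] if t[10] == "source-address" else t[6]
            refs.append((t[4], side, t[8], t[11]))
    out = [f"screen {s} is defined but not applied to any zone"
           for s in screens - set(bound.values())]
    out += [f"zone {z} applies undefined screen {s}"
            for z, s in bound.items() if s not in screens]
    out += [f"address-set {a} in {z} references undefined address {m}"
            for z, a, m in members if m not in addrs.get(z, set())]
    for src, zone, pol, name in refs:
        if name != "any" and name not in addrs.get(zone, set()) | sets.get(zone, set()):
            out.append(f"policy {pol} references {name}, not in the {zone} address book")
        if src not in bound:                       # assumption: ingress zone needs a screen
            out.append(f"policy {pol} accepts traffic from {src}, which has no screen")
    return sorted(set(out))

if __name__ == "__main__":
    print(audit(CONFIG) or "no findings")
```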
