
Juniper SRX 240 port mapping with N ISP uplinks: "floating routes + sending specified resources over a specified line"

Published: 2020-07-19 01:57:17 Source: Internet Views: 926 Author: ITint Category: Security Technology

172.18.18.42 port 2020, 2009    ISP_IP port XXXX, XXXX
172.18.18.45 port 2020, 2009    ISP_IP port XXXX, XXXX

Step 1: Define the global address
set security address-book global address Nutanix_Cluster 172.18.18.50/32
Step 2: Define the protocol ports
set applications application tcp-2020 protocol tcp
set applications application tcp-2020 destination-port 2020
set applications application tcp-2009 protocol tcp
set applications application tcp-2009 destination-port 2009
Step 3: Define destination NAT + port: pools that map the internal IP and port
set security nat destination pool DP_Nutanix_Cluster_2020 address 172.18.18.50/32
set security nat destination pool DP_Nutanix_Cluster_2020 address port 2020
set security nat destination pool DP_Nutanix_Cluster_2009 address 172.18.18.50/32
set security nat destination pool DP_Nutanix_Cluster_2009 address port 2009
Step 3 (continued): Define destination NAT + port: NAT rules between the external and internal networks
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_Nutanix_2020_Owenli match destination-address-name WAN3006_162
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_Nutanix_2020_Owenli match destination-port 2020
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_Nutanix_2020_Owenli then destination-nat pool DP_Nutanix_Cluster_2020
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_Nutanix_2009_Owenli match destination-address-name WAN3006_162
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_Nutanix_2009_Owenli match destination-port 2009
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_Nutanix_2009_Owenli then destination-nat pool DP_Nutanix_Cluster_2009

Step 4: Define the security policy that controls access from the source zone to the specific internal zone
set security policies from-zone ISP6 to-zone trust policy Nutanix_Cluster-OWEN-EDIT match source-address any destination-address Nutanix_Cluster application tcp-2020 application tcp-2009
set security policies from-zone ISP6 to-zone trust policy Nutanix_Cluster-OWEN-EDIT then permit
set security policies from-zone ISP6 to-zone trust policy Nutanix_Cluster-OWEN-EDIT then log session-init
set security policies from-zone ISP6 to-zone trust policy Nutanix_Cluster-OWEN-EDIT then log session-close
set security policies from-zone ISP6 to-zone trust policy Nutanix_Cluster-OWEN-EDIT then count
Step 5: Insert the newly defined policy before the deny policy, i.e. adjust the policy order
insert security policies from-zone ISP6 to-zone trust policy Nutanix_Cluster-OWEN-EDIT before policy DENY

set security policies from-zone trust to-zone ISP6 policy Nutanix_Cluster-OWEN-EDIT match source-address Nutanix_Cluster destination-address any application tcp-2020 application tcp-2009
set security policies from-zone trust to-zone ISP6 policy Nutanix_Cluster-OWEN-EDIT then permit
set security policies from-zone trust to-zone ISP6 policy Nutanix_Cluster-OWEN-EDIT then log session-init
set security policies from-zone trust to-zone ISP6 policy Nutanix_Cluster-OWEN-EDIT then log session-close
set security policies from-zone trust to-zone ISP6 policy Nutanix_Cluster-OWEN-EDIT then count
Step 6: Define which ISP line a subnet or a specific IP uses to reach external resources

INGRESS_FROM_TRUST: the firewall filter applied on the internal interface [reth4.500, zone trust]

set firewall family inet filter INGRESS_FROM_TRUST term Nutanix_Cluster from source-address 172.18.18.45/32
set firewall family inet filter INGRESS_FROM_TRUST term Nutanix_Cluster from source-address 172.18.18.50/32
set firewall family inet filter INGRESS_FROM_TRUST term Nutanix_Cluster from source-address 172.18.18.42/32
set firewall family inet filter INGRESS_FROM_TRUST term Nutanix_Cluster from source-address 172.18.18.48/32
set firewall family inet filter INGRESS_FROM_TRUST term Nutanix_Cluster from source-address 172.18.18.52/32
set firewall family inet filter INGRESS_FROM_TRUST term Nutanix_Cluster from source-address 172.18.18.55/32
set firewall family inet filter INGRESS_FROM_TRUST term Nutanix_Cluster from source-address 172.18.18.58/32
set firewall family inet filter INGRESS_FROM_TRUST term Nutanix_Cluster from destination-address 0.0.0.0/0
set firewall family inet filter INGRESS_FROM_TRUST term Nutanix_Cluster then routing-instance FORWARD_TO_ISP6
Step 7: End the newly defined firewall filter with a then accept term; if that term already exists, skip to step 8;
set firewall family inet filter INGRESS_FROM_TRUST term ACCEPT_ALL then accept
Step 8: Insert the step 6 term before the step 7 term, i.e. adjust the term order;
insert firewall family inet filter INGRESS_FROM_TRUST term Nutanix_Cluster before term ACCEPT_ALL
Step 9: Query the NAT sessions and confirm that the IN and OUT policies are correct in both directions;

show security flow session nat destination-port 2020
node0:

Session ID: 91904, Policy name: LEGACY_ID_15/89, State: Backup, Timeout: 14342, Valid
In: 172.18.18.45/46082 --> 202.82.130.199/2020;tcp, If: reth4.500, Pkts: 0, Bytes: 0
Out: 202.82.130.199/2020 --> 119.145.16.241/24323;tcp, If: reth25.3001, Pkts: 0, Bytes: 0

Session ID: 234948, Policy name: Nutanix_Cluster-OWEN-EDIT/263, State: Backup, Timeout: 14292, Valid
In: 202.82.130.199/6688 --> 210.21.218.163/2020;tcp, If: reth25.3006, Pkts: 0, Bytes: 0
Out: 172.18.18.50/2020 --> 202.82.130.199/6688;tcp, If: reth4.500, Pkts: 0, Bytes: 0
Total sessions: 2
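
The step 9 check can be automated. The following is an added example, not part of the original article: it parses session output of the shape shown above and flags sessions whose wings contradict the destination NAT pool (step 3) or the filter-based forwarding (step 6). It assumes reth25.3006 is the ISP6-facing interface (inferred from the capture); the public addresses in the sample are constructed.

```python
import re

# Constructed sample in the shape of the step 9 capture. Internal hosts, policy
# and interface names follow the page; public addresses are documentation ranges.
SAMPLE = """\
Session ID: 1001, Policy name: Nutanix_Cluster-OWEN-EDIT/263, State: Active, Timeout: 1780, Valid
  In: 198.51.100.7/6688 --> 203.0.113.10/2020;tcp, If: reth25.3006, Pkts: 4, Bytes: 240
  Out: 172.18.18.50/2020 --> 198.51.100.7/6688;tcp, If: reth4.500, Pkts: 3, Bytes: 180
Session ID: 1002, Policy name: LEGACY_ID_15/89, State: Active, Timeout: 1790, Valid
  In: 172.18.18.45/46082 --> 198.51.100.7/2020;tcp, If: reth4.500, Pkts: 2, Bytes: 120
  Out: 198.51.100.7/2020 --> 203.0.113.77/24323;tcp, If: reth25.3001, Pkts: 1, Bytes: 60
"""
HEAD = re.compile(r"Session ID: (\d+), Policy name: ([^,/]+)/\d+")
WING = re.compile(r"(In|Out): (\S+)/(\d+) --> (\S+)/(\d+);(\w+), If: ([\w./-]+)")
FILTER_HOSTS = {"172.18.18." + h for h in "42 45 48 50 52 55 58".split()}  # step 6 term

def parse_sessions(text):
    """Turn `show security flow session` text into dicts with 'in' and 'out' wings."""
    sessions = []
    for line in text.splitlines():
        if m := HEAD.search(line):
            sessions.append({"id": int(m[1]), "policy": m[2]})
        elif sessions and (m := WING.search(line)):
            sessions[-1][m[1].lower()] = {"src": m[2], "sport": int(m[3]), "dst": m[4],
                                          "dport": int(m[5]), "ifname": m[7]}
    return [s for s in sessions if "in" in s and "out" in s]

def audit(sessions, dnat_host="172.18.18.50", ports=(2020, 2009),
          isp_if="reth25.3006", trust_if="reth4.500"):  # isp_if is an assumption
    """Return (session id, finding) for wings that contradict steps 3 and 6."""
    findings = []
    for s in sessions:
        i, o = s["in"], s["out"]
        if i["ifname"] == isp_if and i["dport"] in ports:
            # Inbound DNAT: the reverse wing must start at the pool host, same port, trust side.
            if (o["src"], o["sport"], o["ifname"]) != (dnat_host, i["dport"], trust_if):
                findings.append((s["id"], "destination NAT did not land on the pool host"))
        elif i["ifname"] == trust_if and i["src"] in FILTER_HOSTS and o["ifname"] != isp_if:
            # Outbound from a step 6 host: the reverse wing must sit on the ISP6 link.
            findings.append((s["id"], f"egress {o['ifname']} via policy {s['policy']}"))
    return findings

if __name__ == "__main__":
    for sid, finding in audit(parse_sessions(SAMPLE)):
        print(sid, finding)
```

With that interface assumption, the same audit run on the step 9 capture would list session 91904, whose Out wing is on reth25.3001 under policy LEGACY_ID_15 rather than on reth25.3006.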
