Juniper设备-防火墙运维选编.ppt

Copyright ? 2008 Juniper Networks, Inc. * Copyright ? 2008 Juniper Networks, Inc. * 　　　防火墙运维要点 设备管理访问控制 Management requests terminate on the unit As a security device, the NetScreen must qualify all management requests Match the management address of the arriving interface Match the IP address of a ‘trusted’ source Match an allowed service type Match username/password Src Dst Mgt. Request Addr Addr (ie. Ping) Management Service Filter I n t e r f a c e manage-ip Mgt. Address Allowed services A u t h e n t i c a t i o n Username/ password manager-ip Trusted Source 管理地址 数据接口地址 专用管理端口 数据接口管理地址 HA配置下管理可管理主/备机 主/备地址不同 数据接口地址可管理 数据接口管理地址 检查接口配置 Network Interfaces ns208- get interface A - Active, I - Inactive, U - Up, D - Down, R - Ready Interfaces in vsys Root: Name IP Address Zone MAC VLAN State VSD eth1 /24 Private 0010.db1d.1be0 - U - eth2 /0 V1-DMZ 0010.db1d.1be4 - D - eth3 /0 V1-Untrust 0010.db1d.1be5 - D - eth4 /0 Private 0010.db1d.1be6 - D - eth5 /0 Untrust 0010.db1d.1be7 - D - eth6 /0 Null 0010.db1d.1be8 - D - eth7 /24 Public 0010.db1d.1be9 - U - eth8 /24 External 0010.db1d.1bea - U - vlan1 /0 VLAN 0010.db1d.1bef 1 D - 检查路由 - CLI 查看路由 ns208- get route C - Connected, S - Static, A - Auto-Exported, I - Imported iB - IBGP, eB - EBGP, R - RIP, O - OSPF, E1 - OSPF external type 1 E2 - OSPF external type 2 trust-vr (8 entries) ====================== ID IP-Prefix Interface Gateway P Pref Mtr Vsys ------------------------------------------------------------------------------ 9 /0 eth8 54 S 20 1 Root * 8 /24 eth7 54 S 20 1 Root 7 /24 eth2