juniper防火墙 安装手册 2（Juniper Firewall installation manual 2）.doc

juniper防火墙 安装手册 2（Juniper Firewall installation manual 2） 3, Juniper firewall several commonly used function configuration Here the Juniper firewall about several commonly used functions mainly refers to the implementation of the strategy based on NAT, including: MIP, VIP and DIP, the main application of the three kinds of commonly used functions on the firewall protection server provides the external service. 3.1, MIP configuration MIP is a one to one two-way address translation (translation) process. Typically, when you have a number of public IP addresses, and there are a number of foreign network service server (server using private IP address), in order to achieve Internet users access these servers, can be established between the public IP address and IP address of the server private one-to-one mapping to exit Internet firewall (MIP), and through the strategy to realize the access control service provided by the server. Network topology diagram of MIP application: Note: MIP is configured on the outer network port of the firewall (port of the Internet connection). 3.1.1 and configure MIP using the Web browser Log into the firewall and deploy the firewall as a three tier mode (NAT or routing mode); Define MIP:Network=Interface=ethernet2=MIP, configure and realize the address mapping of MIP. Mapped IP: public network IP address, Host IP: intranet server IP address Defining policy: in POLICY, configure access control policies from outside to inside to allow access from external networks to internal network server applications. 3.1.2, configure MIP using command line Configuring interface parameters Set, interface, ethernet1, zone, trust Set, interface, ethernet1, IP, /24 Set interface ethernet1 nat Set, interface, ethernet2, zone, untrust Set, interface, ethernet2, IP, /24 Defining MIP Set, interface, ethernet2, MIP, , host, , netmask,, 55, vrouter, trust-vr Definition strategy Set, policy, from, untrust, to, trust, any, MIP (), HTTP, permit Save 3.2, VIP configur