search

Juniper SRX100 Manuale Pagina 6

  • Scaricare
  • Aggiungi ai miei manuali
  • Stampa
  • Pagina
    / 11
  • Indice
  • SEGNALIBRI
    • Valutato. / 5. Basato su recensioni clienti
Vedere la pagina 5
4 Copyright © 2009, Juniper Networks, Inc.
APPLICATION NOTE - Quickstart Guide for Branch SRX Series Services Gateways
Firewall Configuration for Outbound Access Using IRB
To eliminate the need for an external switch (if the SRX Series device has enough available ports), SRX Series
Services Gateways can be configured to provide switching and routing simultaneously.
An SRX Series device uses virtual L3 interfaces to support integrated routing and bridging (IRB) or equivalently,
routing between a set of switched and routed interfaces. Today, this design is widely adopted on enterprise switches.
Implementing route bridging in a security device is more challenging than in a switch because security policies
are applied to both inter-zone and intra-zone traffic. JUNOS implements IRB with the help of VLANs combined
with interfaces. A VLAN is a collection of interfaces that can be grouped together into a broadcast domain. JUNOS
switches Ethernet frames within a VLAN rather than routing IP packets. A virtual interface, called VLAN, is used to
route traffic between the switched ports and routed ports. This architectural approach is very similar to connecting a
standalone switch to a port on the firewall.
Note: Readers may want to skip this configuration and try it at the end as subsequent examples build upon the
first example.
To illustrate this firewall configuration, the following design assumptions are made:
Interface fe-0/0/7 provides connection to the Internet.•
Grouping the following interfaces creates a VLAN.•
ge-0/0/0 -
ge-0/0/1 -
fe-0/0/2 -
fe-/0/0/3 -
VLAN interface with an IP address 192.168.1.1/24 is created to route traffic between switch ports and the routed •
interface fe-0/0/7.
Configuration
1. Remove the factory default IP address from the interface ge-0/0/0.
delete interfaces ge-0/0/0 unit 0 family inet
2. Configure Ethernet switching on the interfaces that are part of VLAN.
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces fe-0/0/2 unit 0 family ethernet-switching
set interfaces fe-0/0/3 unit 0 family ethernet-switching
3. Configure VLAN interface to route traffic between switched ports and the routed interface.
set interfaces vlan unit 0 family inet address 192.168.1.1/24
vlan i/f
192.168.1.1/24
fe-0/0/7
1.1.1.1/30
UNTRUST ZONE
TRUST ZONE
INTERNET
Untrust Zone
Trust Zone
Vedere la pagina 5
1 2 3 4 5 6 7 8 9 10 11

Commenti su questo manuale

Nessun commento
Prodotti e manuali riguardandi Gateway/Controller Juniper SRX100
Gateway/Controller Juniper SSG-140-SH Specifiche   (60 pagine)
  • Crowcon Kifco Kanguru Solutions Allied-moulded Northwestern Bell
  • GE Macchine per panini ION Dock station per dispositivi portatili Bosch Accessori di fissaggio per fotocamera IBM Supporti per CPU Boss Audio Systems Computer di bordo auto
  • Indesit EWSB 5085 BK CIS AEG L6FEG49S Zanussi FJ905N Bosch 125HX NG Moen S612
  • HP ZBook 17 Mobile Workstation Manuale Utente Shimano FlightDeck SC-6502 Specifiche Mitsubishi 2033C Specifiche HP XU800 Manuale Utente Maytag MIM1554WRS Manuale Utente