网站建设资讯

NEWS

网站建设资讯

JuniperSRXFilter-BasedForwarding

就是策略路由

10年积累的成都网站设计、成都网站建设经验,可以快速应对客户对网站的新想法和需求。提供各种问题对应的解决方案。让选择我们的客户得到更好、更有力的网络服务。我虽然不认识你,你也不认识我。但先网站设计后付款的网站建设流程,更有包河免费网站建设让你可以放心的选择与我们合作。

1) 创建routing-instance(SP1,SP2),instance-type为fowarding

edit routing-instance [SP1] instance-type forwading

    set routing-options static route 0/0 nex-hop 202.100.1.1

edit routing-instance [SP2] instance-type forwading

    set routing-options static route 0/0 nex-hop 202.100.2.1

2)创建firewall filter


edit friewall filter [Inside1] term [1] 

    set from source-address 10.1.1.0/24

    set then routing-instance SP1

    set term [Default-Permit-All] then accept

set firewall filter [Inside1] term [1] from source-address 10.1.1.0/24

set firewall filter [Inside1] term [1] from source-port xxxx

set firewall filter [Inside1] term [1] destination-address x.x.x.x/x

set firewall filter [Inside1] term [1] destination-port xxxx

set firewall filter [Inside1] term [1] then routing-instance SP1

set firewall filter [Inside1] term [Default-Permit] then accept

edit firewall filter [Inside2] term [2]

    set from source-address 

    set then routing-instance SP2

    set term [Default-Permit-All] then accept

3)接口 调用filter

set interface ge-0/0/2.0 family inet filter input Inside1

set interfaes ge-0/0/3.0 family inet filter input Inside2

4)合并路由表

run show route    //查看全局路由表中,是没有前面定义的routing-instance中的路由的

show routing-instances

edit routing-options 

    set interface-routes rib-group inet [Policy-Routing]

    edit rib-groups [Policy-Routing]

        set import-rib [inet.0 SP1.inet.0 SP2.inet.0]

run show route    //查看合并后的路由表

5)创建Zone间策略:Security Policis(放行流量Inside1->Outside;Inside2->Outside)

set security policies from-zone Inside1 to-zone Outside policy Default-Permit-All

    set match source-address any

    set match destination-address any

    set match application any

    set then permit

set security policies from-zone Inside2 to-zone Outside policy Default-Permit-All

    set match sourc-address any

    set match destination-address any

    set match application-address any

    set then permit

#show security policies

#run show security flow session


文章题目:JuniperSRXFilter-BasedForwarding
本文链接:http://cdweb.net/article/pcpipg.html