南京呼叫中心防火墙配置(备份)

set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set service "RDP-8888" protocol tcp src-port 1-65535 dst-port 8888-8888
set service "P4788" protocol tcp src-port 1-65535 dst-port 4788-4788
set service "P4789" protocol tcp src-port 1-65535 dst-port 4789-4789
set service "P9991" protocol tcp src-port 1-65535 dst-port 9991-9991
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "admin"
set admin password "nH/vDirbE5GBcjdGoslAEBBtHFA6En"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Trust" screen alarm-without-drop
set zone "Trust" screen icmp-flood
set zone "Trust" screen udp-flood
set zone "Trust" screen winnuke
set zone "Trust" screen port-scan
set zone "Trust" screen ip-sweep
set zone "Trust" screen tear-drop
set zone "Trust" screen syn-flood
set zone "Trust" screen ip-spoofing
set zone "Trust" screen ping-death
set zone "Trust" screen ip-filter-src
set zone "Trust" screen land
set zone "Trust" screen syn-frag
set zone "Trust" screen tcp-no-flag
set zone "Trust" screen ip-bad-option
set zone "Trust" screen ip-record-route
set zone "Trust" screen ip-timestamp-opt
set zone "Trust" screen ip-security-opt
set zone "Trust" screen ip-loose-src-route
set zone "Trust" screen ip-strict-src-route
set zone "Trust" screen ip-stream-opt
set zone "Trust" screen icmp-fragment
set zone "Trust" screen icmp-large
set zone "Trust" screen syn-fin
set zone "Trust" screen fin-no-ack
set zone "Trust" screen syn-ack-ack-proxy
set zone "Trust" screen block-frag
set zone "Trust" screen component-block zip
set zone "Trust" screen component-block exe
set zone "Trust" screen component-block activex
set zone "Trust" screen icmp-id
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set zone "Trust" screen icmp-flood threshold 100
set zone "Trust" screen udp-flood dst-ip x.x.x.x
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "V1-Trust"
set interface "ethernet3" zone "Null"
set interface "ethernet4" zone "V1-Untrust"
set interface vlan1 ip 10.2.80.3/20
set interface vlan1 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface vlan1 ip manageable
unset flow no-tcp-seq-check
set flow tcp-syn-check
set hostname juniper-network
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set address "V1-Trust" "10.2.0.0/16" 10.2.0.0 255.255.0.0
set address "V1-Trust" "10.2.0.0/20" 10.2.0.0 255.255.240.0
set address "V1-Trust" "x.x.x.x/28" x.x.x.x 255.255.255.240
set address "V1-Trust" "x.x.x.x/28" x.x.x.x 255.255.255.240
set address "V1-Untrust" "10.2.0.0/16" 10.2.0.0 255.255.0.0
set address "V1-Untrust" "10.3.0.0/8" 10.3.0.0 255.0.0.0
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set url protocol websense
exit
set policy id 1 name "lan-to-wan" from "V1-Trust" to "V1-Untrust" "Any" "Any" "ECHO" permit
set policy id 1
exit
set policy id 2 from "V1-Trust" to "V1-Untrust" "Any" "Any" "DNS" permit
set policy id 2
exit
set policy id 3 from "V1-Trust" to "V1-Untrust" "Any" "Any" "HTTP" permit
set policy id 3
exit
set policy id 4 from "V1-Trust" to "V1-Untrust" "Any" "Any" "GRE" permit
set policy id 4
exit
set policy id 5 from "V1-Trust" to "V1-Untrust" "Any" "Any" "HTTPS" permit
set policy id 5
exit
set policy id 6 from "V1-Untrust" to "V1-Trust" "Any" "Any" "ICMP-ANY" permit
set policy id 6
exit
set policy id 7 name "vpn-to-lan-admin" from "V1-Untrust" to "V1-Trust" "10.2.0.0/16" "10.2.0.0/16" "ANY" permit
set policy id 7
exit
set policy id 9 name "pptp" from "V1-Untrust" to "V1-Trust" "Any" "106.3.78.160/28" "HTTP" permit
set policy id 9
exit
set policy id 10 name "pptp-gre" from "V1-Untrust" to "V1-Trust" "Any" "x.x.x.x/28" "GRE" permit
set policy id 10
exit
set policy id 11 name "pptp" from "V1-Untrust" to "V1-Trust" "Any" "x.x.x.x/28" "PPTP" permit
set policy id 11
exit
set policy id 12 name "RDP8888" from "V1-Untrust" to "V1-Trust" "Any" "x.x.x.x/28" "RDP-8888" permit
set policy id 12
exit
set policy id 13 name "P4788" from "V1-Untrust" to "V1-Trust" "Any" "x.x.x.x/28" "P4788" permit
set policy id 13
exit
set policy id 14 name "P4789" from "V1-Untrust" to "V1-Trust" "Any" "106.3.78.160/28" "P4789" permit
set policy id 14
exit
set policy id 15 name "P9991" from "V1-Untrust" to "V1-Trust" "Any" "106.3.78.160/28" "P9991" permit
set policy id 15
exit
set policy id 16 name "lan-to-wan" from "V1-Trust" to "V1-Untrust" "Any" "Any" "SMTP" permit
set policy id 16
exit
set policy id 17 name "-lan-to-wan" from "V1-Trust" to "V1-Untrust" "Any" "Any" "NTP" permit
set policy id 17
exit
set policy id 18 name "lan-to-wan" from "V1-Trust" to "V1-Untrust" "Any" "Any" "POP3" permit
set policy id 18
exit
set policy id 19 name "lan-to-wan" from "V1-Trust" to "V1-Untrust" "Any" "Any" "L2TP" permit
set policy id 19
exit
set policy id 20 name "lan-to-wan" from "V1-Trust" to "V1-Untrust" "Any" "Any" "PPTP" permit
set policy id 20
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 gateway x.x.x.x
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit

转载于:https://www.cnblogs.com/networking/p/4111874.html
