1) 接口

set interfaces ge-0/0/0.0 family inet address x.x.x.x/24

set interfaces ge-0/0/1.0 family inet address x.x.x.x/24


#show interfaces

#run show int terse


2) 安全区域(中把接口加入到各安全区域)


set security zones security-zone Outside/Inside 或 untrust/trust interface ge-0/0/0.0


#show security zones


3) 安全策略-zone间策略(由内到外流量-全部permit;由外到内流量-全部deny)

set security policies from-zone Inside to-zone Outside policy [Policy-Name]Default-Permit

    match source-address any

    match destination-address any

    match application any

    then permit

 

4) 安全区域的(各个安全区域的)addressbook  

//针对match source-address\destination-address any

set security zones security-zone Outside address-book address [Address-Name]  x.x.x.x/32

set security zones security-zone Inside address-book address [Address-Name] x.x.x.x/32

 

5) 配置应用applications   application 或 applications application-set  

//针对 match application any

set application  [Application-Name]    //show applications

 

set applications apolication [TCP-3032] protocol tcp destination-port 3032 

set applications application-set [APP-SET1] application TCP-3032

 

show security flow session ?

_______________________________________________________________________________ 

6) count

edit security poicies from-zone Inside to-zone Outside policy Default-Permit

    set match source-address Inside-Network

    set match destination-address SP-Routers

    set match application any

    set then permit

    set then count

    set then log session-init session-close

 

set system syslog file [Traffic-Log] any(facility) any(level严重级别)

set system syslog file [Traffice-log] match "RT_FLOW_SESSION"

 

>show security policies policy-name [Default-Permit] detail

 

>show system syslog

>show log [Traffice-Log]

 

7) monitor

#set system syslog file Monitor-Traffic-Log any any

#set system syslog file Monitor-Traffic-Log match "10.1.1.1"

#show system syslog

>monitor start Monitor-Traffic-Log

>monitor stop

 

8) security flow traceoptions //Juniper的debug

9) Policy Schedulers //时间访问控制列表

10) Web-Authen

11) Pass-Through