Juniper SRX防火墙接口包括两种:
1、管理接口,默认为fxp0
2、业务接口,这里通常是指配置用来跑业务的板卡接口,如:SRX3k SFB 12GE(8x 1GE-TX 4x 1GE-SFP)
对于管理接口,配置IP后即可ping通:
netscreen@SRX3600# set interfaces fxp0 unit 0 family inet address 10.200.27.156/16
C:\>ping 10.200.27.156
Pinging 10.200.27.156 with 32 bytes of data:
Reply from 10.200.27.156: bytes=32 time<1ms TTL=64
Reply from 10.200.27.156: bytes=32 time<1ms TTL=64
Reply from 10.200.27.156: bytes=32 time<1ms TTL=64
Reply from 10.200.27.156: bytes=32 time<1ms TTL=64
Ping statistics for 10.200.27.156:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
如果需要telnet/ssh管理接口IP地址,则还需要放开系统层面级的telnet/ssh服务:
netscreen@SRX3600# set system services ssh
netscreen@SRX3600# set system services telnet
对于业务接口,仅仅配置IP地址无法ping:
netscreen@SRX3600# set interfaces ge-0/0/0 unit 0 family inet address 10.200.51.203/16
C:\>ping 10.200.51.203
Pinging 10.200.51.203 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.200.51.203:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
还需要该接口分配到相应的Zones,同时开放相应的服务(ping/telnet/ssh):
netscreen@SRX3600# set security zones security-zone untrust interfaces ge-0/0/0.0
netscreen@SRX3600# set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
netscreen@SRX3600# set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet
netscreen@SRX3600# set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
C:\>ping 10.200.51.203
Pinging 10.200.51.203 with 32 bytes of data:
Reply from 10.200.51.203: bytes=32 time<1ms TTL=64
Reply from 10.200.51.203: bytes=32 time<1ms TTL=64
Reply from 10.200.51.203: bytes=32 time<1ms TTL=64
Reply from 10.200.51.203: bytes=32 time<1ms TTL=64
Ping statistics for 10.200.51.203:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>telnet 10.200.51.203
SRX3600B (ttyp1)
login:
转载于:https://blog.51cto.com/handsomelbl/1134958