Juniper SRX240 cluster: configuration example for publishing an internal server port to the Internet

========================================================================================================================
----------------------------------------- Steps for publishing an internal address and port to the Internet -----------------------------------------------------
set security address-book global address IMMQI_PRIVATE 172.22.201.20/32


Step 1: Create the NAT pool
set security nat destination pool DP_TRUST_IMMQI_10089 address 172.22.201.20/32
set security nat destination pool DP_TRUST_IMMQI_10089 address port 10089

Step 2: Create the NAT rule (the address name WAN3001_241 is 119.145.16.241)
set security nat destination rule-set DNAT_FROM_ISP1 rule ISP1_TCP10089_TO_IMMQI_10089 match destination-address-name WAN3001_241
set security nat destination rule-set DNAT_FROM_ISP1 rule ISP1_TCP10089_TO_IMMQI_10089 match destination-port 10089
set security nat destination rule-set DNAT_FROM_ISP1 rule ISP1_TCP10089_TO_IMMQI_10089 then destination-nat pool DP_TRUST_IMMQI_10089

Step 3: Define the ports and protocol types to allow
set applications application tcp-10089 protocol tcp
set applications application tcp-10089 destination-port 10089
set applications application tcp-10090 protocol tcp
set applications application tcp-10090 destination-port 10090

Step 4: Create the zone policy, matching the specific source address and the destination address and port
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 match source-address any
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 match destination-address IMMQI_PRIVATE
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 match application tcp-80
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 match application tcp-9998
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 match application tcp-10089
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 then permit
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 then log session-init
set security policies from-zone ISP1 to-zone trust policy P_IMMQI_80_9998 then log session-close

Step 5: If a new protocol is created, adjust the policy priority (for every newly added policy, check whether its position in the policy order needs to change)
insert security policies from-zone Design to-zone trust policy RM-201_84-Cost-Lectra before policy DENY


set security address-book global address QI_PRIVATE 172.22.201.19/32

Production environment

set security nat destination pool DP_TRUST_IQCSAP_10090 address 172.22.201.19/32
set security nat destination pool DP_TRUST_IQCSAP_10090 address port 10089

ISP1: China Telecom line

set security nat destination rule-set DNAT_FROM_ISP1 rule ISP1_TO_TRUST_IQCSAP_10090 match destination-address-name WAN3001_241
set security nat destination rule-set DNAT_FROM_ISP1 rule ISP1_TO_TRUST_IQCSAP_10090 match destination-port 10090
set security nat destination rule-set DNAT_FROM_ISP1 rule ISP1_TO_TRUST_IQCSAP_10090 then destination-nat pool DP_TRUST_IQCSAP_10090

set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 match source-address any
set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 match destination-address QI_PRIVATE
set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 match application tcp-10089
set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 then permit
set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 then log session-init
set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 then log session-close
set security policies from-zone ISP1 to-zone trust policy P_IQCSAP_10090 then count

ISP6: China Unicom line

set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_TRUST_IQCSAP_10090 match destination-address-name WAN3006_165
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_TRUST_IQCSAP_10090 match destination-port 10090
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_TRUST_IQCSAP_10090 then destination-nat pool DP_TRUST_IQCSAP_10090

set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 match source-address any
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 match destination-address QI_PRIVATE
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 match application tcp-10089
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 then permit
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 then log session-init
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 then log session-close
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 then count

insert security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 before policy DENY


Verification

{primary:node0}
owenli@cfw01a.cn1> show security flow session nat destination-port 10090
node0:

Session ID: 124271, Policy name: P_IQCSAP_10090/276, State: Backup, Timeout: 14396, Valid
In: 113.X.X.199/57104 --> X.X.X.165/10090;tcp, If: reth25.3006, Pkts: 0, Bytes: 0
Out: 172.22.201.19/10089 --> 113.X.X.199/57104;tcp, If: reth4.500, Pkts: 0, Bytes: 0
Total sessions: 1

node1:

Session ID: 140801, Policy name: P_IQCSAP_10090/276, State: Active, Timeout: 1796, Valid
In: 113.X.X.199/57104 --> X.X.X.165/10090;tcp, If: reth25.3006, Pkts: 2, Bytes: 92
Out: 172.22.201.19/10089 --> 113.X.X.199/57104;tcp, If: reth4.500, Pkts: 1, Bytes: 52
Total sessions: 1
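
The session output above shows that the policy is matched on the translated tuple: the client connects to port 10090, while P_IQCSAP_10090 matches 172.22.201.19 and tcp-10089. The Python check below is an added example, not part of the original configuration notes: it parses set commands, confirms that each destination NAT rule is covered by a permit policy on the post-NAT address and port, and lists the covering policies that use source-address any. The sample input is constructed from the page's ISP6 commands (trimmed), and mapping a rule-set to a zone through the DNAT_FROM_<zone> name is an assumption.

```python
from collections import defaultdict
# Constructed sample: a trimmed copy of the page's ISP6 commands.
CONFIG = """
set security address-book global address QI_PRIVATE 172.22.201.19/32
set applications application tcp-10089 destination-port 10089
set applications application tcp-10090 destination-port 10090
set security nat destination pool DP_TRUST_IQCSAP_10090 address 172.22.201.19/32
set security nat destination pool DP_TRUST_IQCSAP_10090 address port 10089
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_TRUST_IQCSAP_10090 match destination-port 10090
set security nat destination rule-set DNAT_FROM_ISP6 rule ISP6_TO_TRUST_IQCSAP_10090 then destination-nat pool DP_TRUST_IQCSAP_10090
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 match source-address any
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 match destination-address QI_PRIVATE
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 match application tcp-10089
set security policies from-zone ISP6 to-zone trust policy P_IQCSAP_10090 then permit
"""

def audit(config):
    """Per NAT rule: (rule, ext_port, int_port, covering_policies, open_to_any)."""
    addr, app = {}, {}
    pool, rule = defaultdict(dict), defaultdict(dict)
    pol = defaultdict(lambda: defaultdict(set))
    for t in (line.split() for line in config.splitlines()):
        if t[:5] == ["set", "security", "address-book", "global", "address"]:
            addr[t[5]] = t[6]
        elif t[:3] == ["set", "applications", "application"] and t[4] == "destination-port":
            app[t[3]] = t[5]
        elif t[:5] == ["set", "security", "nat", "destination", "pool"]:
            pool[t[5]]["port" if t[7] == "port" else "addr"] = t[-1]
        elif t[:5] == ["set", "security", "nat", "destination", "rule-set"]:
            # Assumption: rule-set names follow the page's DNAT_FROM_<zone> convention.
            rule[(t[5].replace("DNAT_FROM_", ""), t[7])][t[-2]] = t[-1]
        elif t[:3] == ["set", "security", "policies"]:
            pol[(t[4], t[8])][" ".join(t[9:-1])].add(t[-1])
    findings = []
    for (zone, name), r in rule.items():
        p = pool.get(r.get("pool"), {})
        # The SRX evaluates policy after destination NAT, so compare against the pool.
        cover = sorted(
            n for (z, n), m in pol.items()
            if z == zone and "permit" in m["then"]
            and any(addr.get(a, "") == p.get("addr") for a in m["match destination-address"])
            and any(app.get(a, "") == p.get("port") for a in m["match application"]))
        open_any = [n for n in cover if "any" in pol[(zone, n)]["match source-address"]]
        findings.append((name, r.get("destination-port"), p.get("port"), cover, open_any))
    return findings

if __name__ == "__main__":
    for f in audit(CONFIG):
        print(f)
```

An empty covering list means traffic for that NAT rule falls through to the DENY policy; a non-empty open_to_any list marks services reachable from every source address in the zone.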
