Basic Juniper SRX/vSRX Configuration
### How to Configure the Hostname
set system host-name Router_ABC
### How to Configure DNS
set system name-server 8.8.8.8
set system name-server 8.8.4.4
### How to Configure a Static Interface Address
set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.1/24
set interfaces ge-0/0/1 unit 0 family inet address 10.10.10.1/24
### How to Configure a DHCP Interface
set interfaces ge-0/0/0 unit 0 family inet dhcp
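### How to Configure the Default Route
The next-hop is the upstream gateway on the ge-0/0/0 network. It cannot be the SRX's own interface address (192.168.100.1 is assigned to ge-0/0/0 in the static example above), so substitute your gateway's address.
set routing-options static route 0.0.0.0/0 next-hop 192.168.100.1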
### How to Configure Security Zones
Zone TRUST (usually toward the LAN / internal network)
Zone UNTRUST (toward the Internet)
set security zones security-zone TRUST interfaces ge-0/0/1 host-inbound-traffic system-services ping
set security zones security-zone TRUST interfaces ge-0/0/1 host-inbound-traffic system-services ssh
or, to let every system service and protocol reach the device itself from TRUST (broader than listing only the services you need, as above):
set security zones security-zone TRUST interfaces ge-0/0/1 host-inbound-traffic system-services all
set security zones security-zone TRUST interfaces ge-0/0/1 host-inbound-traffic protocols all
The UNTRUST interface gets no host-inbound-traffic statement, so the device accepts no management traffic from the Internet side:
set security zones security-zone UNTRUST interfaces ge-0/0/0
### How to Configure the Address Book
set security zones security-zone TRUST address-book address Network_LAN 10.10.10.0/24
### How to Configure Security Policies
The delete command removes all existing security policies before the new one is defined. To match every source instead of only the LAN, use any in place of Network_LAN.
delete security policies
set security policies from-zone TRUST to-zone UNTRUST policy allow-TRUST-clients match source-address Network_LAN
set security policies from-zone TRUST to-zone UNTRUST policy allow-TRUST-clients match destination-address any
set security policies from-zone TRUST to-zone UNTRUST policy allow-TRUST-clients match application any
set security policies from-zone TRUST to-zone UNTRUST policy allow-TRUST-clients then permit
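The following Python script is an added example, not part of the original post. It scans Junos set commands for the two broad settings shown above: host-inbound-traffic with all on a zone, and a policy that permits any source, destination and application. The sample configuration is constructed from this page's commands, and the function name audit is an assumption.

```python
import re

# Constructed sample: zone and policy commands from this page, using the
# broad "all" alternative and "any" as the policy source address.
SAMPLE = """\
set security zones security-zone TRUST interfaces ge-0/0/1 host-inbound-traffic system-services ping
set security zones security-zone TRUST interfaces ge-0/0/1 host-inbound-traffic system-services all
set security zones security-zone TRUST interfaces ge-0/0/1 host-inbound-traffic protocols all
set security zones security-zone UNTRUST interfaces ge-0/0/0
set security policies from-zone TRUST to-zone UNTRUST policy allow-TRUST-clients match source-address any
set security policies from-zone TRUST to-zone UNTRUST policy allow-TRUST-clients match destination-address any
set security policies from-zone TRUST to-zone UNTRUST policy allow-TRUST-clients match application any
set security policies from-zone TRUST to-zone UNTRUST policy allow-TRUST-clients then permit
"""

# Matches zone-level and interface-level host-inbound-traffic statements.
HIT = re.compile(r"set security zones security-zone (\S+) .*host-inbound-traffic (system-services|protocols) all\b")
POL = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (match (\S+) (\S+)|then (\S+))")

def audit(config):
    """Return a list of findings for overly broad zone and policy settings."""
    findings = []
    policies = {}  # (from-zone, to-zone, name) -> collected match fields and action
    for line in config.splitlines():
        line = line.strip()
        m = HIT.match(line)
        if m:
            findings.append(f"zone {m.group(1)}: host-inbound-traffic {m.group(2)} all")
            continue
        m = POL.match(line)
        if m:
            fields = policies.setdefault(m.group(1, 2, 3), {})
            if m.group(5):
                fields[m.group(5)] = m.group(6)   # e.g. source-address -> any
            else:
                fields["then"] = m.group(7)       # e.g. permit
    for (src, dst, name), f in policies.items():
        wide = all(f.get(k) == "any" for k in ("source-address", "destination-address", "application"))
        if wide and f.get("then") == "permit":
            findings.append(f"policy {name} ({src}->{dst}): permits any/any/any")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Feed it the output of show configuration | display set saved to a file to check a real device's configuration the same way.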
### How to Configure Source NAT for Internal Clients
The delete command removes any existing NAT configuration first. The rule below translates only the LAN prefix; use 0.0.0.0/0 as the source-address instead to match any source.
delete security nat
set security nat source rule-set TRUST-to-UNTRUST from zone TRUST
set security nat source rule-set TRUST-to-UNTRUST to zone UNTRUST
set security nat source rule-set TRUST-to-UNTRUST rule internet-access match source-address 10.10.10.0/24
set security nat source rule-set TRUST-to-UNTRUST rule internet-access match destination-address 0.0.0.0/0
set security nat source rule-set TRUST-to-UNTRUST rule internet-access then source-nat interface
commit
### Verification
From configuration mode (# prompt):
run ping 8.8.8.8
From operational mode (> prompt):
ping 8.8.8.8