# Configure Juniper vSRX with GNS3
## Configure IP Address
set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.254/24
set interfaces ge-0/0/1 unit 0 family inet address 172.10.10.254/24
## Configure Zone
set security zones security-zone UNTRUST host-inbound-traffic system-services all
set security zones security-zone UNTRUST host-inbound-traffic protocols all
set security zones security-zone UNTRUST interfaces ge-0/0/2
set security zones security-zone TRUST host-inbound-traffic system-services all
set security zones security-zone TRUST host-inbound-traffic protocols all
set security zones security-zone TRUST interfaces ge-0/0/1
set security zones security-zone INTERNET host-inbound-traffic system-services all
set security zones security-zone INTERNET host-inbound-traffic protocols all
set security zones security-zone INTERNET interfaces ge-0/0/0
## Configure Security Policy
set security policies from-zone TRUST to-zone UNTRUST policy trust-to-untrust match source-address any
set security policies from-zone TRUST to-zone UNTRUST policy trust-to-untrust match destination-address any
set security policies from-zone TRUST to-zone UNTRUST policy trust-to-untrust match application any
set security policies from-zone TRUST to-zone UNTRUST policy trust-to-untrust then permit
set security policies from-zone UNTRUST to-zone TRUST policy trust-to-untrust match source-address any
set security policies from-zone UNTRUST to-zone TRUST policy trust-to-untrust match destination-address any
set security policies from-zone UNTRUST to-zone TRUST policy trust-to-untrust match application any
set security policies from-zone UNTRUST to-zone TRUST policy trust-to-untrust then permit
TRUST and UNTRUST to INTERNET
set security policies from-zone UNTRUST to-zone INTERNET policy untrust-to-internet match source-address any
set security policies from-zone UNTRUST to-zone INTERNET policy untrust-to-internet match destination-address any
set security policies from-zone UNTRUST to-zone INTERNET policy untrust-to-internet match application any
set security policies from-zone UNTRUST to-zone INTERNET policy untrust-to-internet then permit
set security policies from-zone TRUST to-zone INTERNET policy trust-to-internet match source-address any
set security policies from-zone TRUST to-zone INTERNET policy trust-to-internet match destination-address any
set security policies from-zone TRUST to-zone INTERNET policy trust-to-internet match application any
set security policies from-zone TRUST to-zone INTERNET policy trust-to-internet then permit
## Configure NAT Source
set security nat source rule-set trust-to-untrust from zone TRUST
set security nat source rule-set trust-to-untrust to zone UNTRUST
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security nat source rule-set trust-to-internet from zone TRUST
set security nat source rule-set trust-to-internet to zone INTERNET
set security nat source rule-set trust-to-internet rule source-nat-rule1 match source-address 0.0.0.0/0
set security nat source rule-set trust-to-internet rule source-nat-rule1 then source-nat interface
set security nat source rule-set untrust-to-internet from zone UNTRUST
set security nat source rule-set untrust-to-internet to zone INTERNET
set security nat source rule-set untrust-to-internet rule source-nat-rule2 match source-address 0.0.0.0/0
set security nat source rule-set untrust-to-internet rule source-nat-rule2 then source-nat interface
## Configure Default Route (If Needed)
set routing-options static route 0.0.0.0/0 next-hop (gateway)
## Verification
show configuration
show security flow session
ping x.x.x.x
show route
show security nat source summary
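
An offline review of the set commands above, as an added example that is not part of the original post: it flags zones that accept all host-inbound traffic, any/any/any permit policies, and zone interfaces that have no address configured. The function name `audit` and the finding labels are assumptions of this example, and the sample input is a constructed subset of the page's commands.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the set commands shown on this page.
SAMPLE = """\
set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.254/24
set interfaces ge-0/0/1 unit 0 family inet address 172.10.10.254/24
set security zones security-zone UNTRUST host-inbound-traffic system-services all
set security zones security-zone UNTRUST interfaces ge-0/0/2
set security zones security-zone TRUST interfaces ge-0/0/1
set security zones security-zone INTERNET interfaces ge-0/0/0
set security policies from-zone UNTRUST to-zone TRUST policy trust-to-untrust match source-address any
set security policies from-zone UNTRUST to-zone TRUST policy trust-to-untrust match destination-address any
set security policies from-zone UNTRUST to-zone TRUST policy trust-to-untrust match application any
set security policies from-zone UNTRUST to-zone TRUST policy trust-to-untrust then permit
"""

ADDR = re.compile(r"set interfaces (\S+) unit \d+ family inet address \S+")
ZONE_IF = re.compile(r"set security zones security-zone (\S+) interfaces (\S+)(?: .*)?")
HOST_ALL = re.compile(r"set security zones security-zone (\S+) "
                      r"host-inbound-traffic (system-services|protocols) all")
POLICY = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) "
                    r"policy (\S+) (?:match (\S+) (\S+)|then (\S+))")
# A policy whose collected fields equal this dict permits everything.
WIDE_OPEN = {"source-address": "any", "destination-address": "any",
             "application": "any", "then": "permit"}

def audit(config):
    """Return sorted (finding, subject) tuples for a block of set commands."""
    addressed, zone_ifaces, findings = set(), [], set()
    policies = defaultdict(dict)
    for line in map(str.strip, config.splitlines()):
        if m := ADDR.fullmatch(line):
            addressed.add(m[1])
        elif m := ZONE_IF.fullmatch(line):
            zone_ifaces.append((m[1], m[2].split(".")[0]))  # drop unit suffix
        elif m := HOST_ALL.fullmatch(line):
            findings.add(("host-inbound-all", f"{m[1]} {m[2]}"))
        elif m := POLICY.fullmatch(line):
            key = f"{m[1]}->{m[2]} {m[3]}"
            policies[key]["then" if m[6] else m[4]] = m[6] or m[5]
    for zone, iface in zone_ifaces:
        if iface not in addressed:
            findings.add(("zone-interface-without-address", f"{zone} {iface}"))
    for key, fields in policies.items():
        if fields == WIDE_OPEN:
            findings.add(("any-any-permit", key))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
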