SRX 透明模式配置

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SRX 透明模式配置相关的知识,希望对你有一定的参考价值。

注意,这个是12.1 和12.3 版本或是之前的基本配置案例,15.1或之后的配置有细微区别,有需要可以找找KB或是官方文档。
set bridge-domains bd1 domain-type bridge vlan-id 10
set interface irb unit 0 family inet address 10.1.1.1/24 web-authentication http
set bridge-domains bd1 routing-interface irb.0
set routing-options static route 0.0.0.0/0 next-hop 10.1.1.254
set systemservices web-management http
set interfaces ge-0/0/0 unit 0 family bridge interface-mode access
set interfaces ge-0/0/0 unit 0 family bridge vlan-id 10
set interfaces ge-0/0/1 unit 0 family bridge interface-mode access
set interfaces ge-0/0/1 unit 0 family bridge vlan-id 10
set security zones security-zone l2-trust interfaces ge-0/0/0.0 host-inbound-traffic systemservices all
set security zones security-zone l2-untrust interfaces ge-0/0/1.0 host-inbound-traffic systemservices ftp
set security zones security-zone l2-untrust interfaces ge-0/0/1.0 host-inbound-traffic systemservices ping
set security zones security-zone l2-untrust interfaces ge-0/0/1.0 host-inbound-traffic systemservices http
set security zones security-zone l2-untrust interfaces ge-0/0/1.0 host-inbound-traffic systemservices https
set security zones security-zone l2-untrust interfaces ge-0/0/1.0 host-inbound-traffic systemservices ssh
set security policies from-zone l2-trust to-zone l2-untrust policy p1 match source-address 10.1.1.1/24
set security policies from-zone l2-trust to-zone l2-untrust policy p1 match destination-address 20.1.1.1/32
set security policies from-zone l2-trust to-zone l2-untrust policy p1 match application http
set security policies from-zone l2-trust to-zone l2-untrust policy p1 then permit

set security policies from-zone l2-trust to-zone l2-untrust policy p2 match source-address 10.1.1.1/24
set security policies from-zone l2-trust to-zone l2-untrust policy p2 match destination-address 20.1.1.1/32
set security policies from-zone l2-trust to-zone l2-untrust policy p2 match application ping
set security policies from-zone l2-trust to-zone l2-untrust policy p2 then permit

set security policies from-zone l2-trust to-zone l2-untrust policy p3 match source-address 10.1.1.1/24
set security policies from-zone l2-trust to-zone l2-untrust policy p3 match destination-address 20.1.1.1/32
set security policies from-zone l2-trust to-zone l2-untrust policy p3 match application ssh
set security policies from-zone l2-trust to-zone l2-untrust policy p3 then permit

以上是关于SRX 透明模式配置的主要内容,如果未能解决你的问题,请参考以下文章

求pfsense透明模式详细设置教程

第九章 大网高级   日志和防火墙透明模式

WAFの基本防护透明流模式v1.0

防火墙(ASA)高级配置之URL过滤日志管理透明模式

思科ASA5520防火墙如何配置能正常上网?

24-思科防火墙:ASA透明防火墙实验