The internal network reaches the Internet through source NAT, and in the usual case the public IP it uses is the firewall's own address, i.e. the internal network's public IP. By default, for ease of management, the administrator opens http, https, ssh and similar services on this IP, which makes it easy for outsiders to guess passwords. The following measures are now taken:
System services currently open:
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set system services ssh
set system services telnet
set system services web-management http interface ge-0/0/3.0
set system services web-management https system-generated-certificate
set system services web-management https interface ge-0/0/1.0
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services http
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services https
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh
The approach is as follows:
Close the management services on that public IP, then map the management port of the firewall's internal IP to some port on a different public IP.
delete security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
# Create the address-book entry
set security zones security-zone trust address-book address juniper2541 192.168.254.1/32
# Create the destination NAT pool and rule
set security nat destination pool 2541 address 192.168.254.1/32
set security nat destination pool 2541 address port 22
set security nat destination rule-set 1 rule 2541 match source-address 0.0.0.0/0
set security nat destination rule-set 1 rule 2541 match destination-address 113.106.95.x/32
set security nat destination rule-set 1 rule 2541 match destination-port 1055
set security nat destination rule-set 1 rule 2541 then destination-nat pool 2541
# Create the security policy (the custom application juniper1055 must be defined separately; because policy lookup runs after destination NAT, the policy sees the translated port 22, so the application should match tcp port 22, which the predefined junos-ssh already does)
set security policies from-zone untrust to-zone trust policy yc2541 match source-address any
set security policies from-zone untrust to-zone trust policy yc2541 match destination-address juniper2541
set security policies from-zone untrust to-zone trust policy yc2541 match application juniper1055
set security policies from-zone untrust to-zone trust policy yc2541 then permit
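The following Python script is an added example, not part of the original post or of Junos: it parses a constructed copy of the configuration above and checks that the address-book entry, the destination-NAT pool, the policy's application and the untrust zone agree with each other. It assumes 203.0.113.10 as a placeholder public IP and supplies a definition for the application juniper1055, which the post references but does not show; the NAT rule-set lines are left out because the checks do not read them.

```python
import re

# Constructed sample modelled on the post's configuration. 203.0.113.10 is a
# placeholder public IP; the juniper1055 definition is assumed (the post omits it).
SAMPLE = """
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone trust address-book address juniper2541 192.168.254.1/32
set security nat destination pool 2541 address 192.168.254.1/32
set security nat destination pool 2541 address port 22
set applications application juniper1055 protocol tcp destination-port 1055
set security policies from-zone untrust to-zone trust policy yc2541 match destination-address juniper2541
set security policies from-zone untrust to-zone trust policy yc2541 match application juniper1055
"""

MGMT_SERVICES = {"ssh", "telnet", "http", "https", "all"}
PREDEFINED_APPS = {"junos-ssh": "22", "junos-http": "80", "junos-https": "443"}
PATTERNS = {  # each pattern captures (object name, value)
    "pool_ip": r"nat destination pool (\S+) address (\S+)/\d+$",
    "pool_port": r"nat destination pool (\S+) address port (\d+)$",
    "book": r"address-book address (\S+) (\S+)/\d+$",
    "app": r"^set applications application (\S+) protocol tcp destination-port (\d+)$",
    "pol_dst": r"to-zone trust policy (\S+) match destination-address (\S+)$",
    "pol_app": r"to-zone trust policy (\S+) match application (\S+)$",
    "untrust_svc": r"security-zone untrust interfaces (\S+) host-inbound-traffic system-services (\S+)$",
}

def parse(config):
    """Collect the objects the checks need, keyed by object name."""
    found = {key: {} for key in PATTERNS}
    for line in config.strip().splitlines():
        for key, pat in PATTERNS.items():
            if m := re.search(pat, line.strip()):
                found[key][m.group(1)] = m.group(2)
    return found

def check(config):
    """Return findings for the NAT/policy pair; an empty list means consistent."""
    f, findings = parse(config), []
    for iface, svc in f["untrust_svc"].items():
        if svc in MGMT_SERVICES:
            findings.append(f"untrust {iface} still answers {svc} on the public IP")
    for pol, book_name in f["pol_dst"].items():
        real_ip = f["book"].get(book_name)
        pools = [p for p, ip in f["pool_ip"].items() if ip == real_ip]
        app = f["pol_app"].get(pol)
        app_port = f["app"].get(app, PREDEFINED_APPS.get(app))
        # Policy lookup happens after destination NAT, so the policy must match
        # the translated port (22 here), not the public-facing port (1055).
        for pool in pools:
            if app_port != f["pool_port"].get(pool):
                findings.append(f"policy {pol}: application {app} matches port {app_port}, "
                                f"but the policy sees translated port {f['pool_port'].get(pool)}")
    return findings
```

Running check(SAMPLE) reports both the ssh service still open on ge-0/0/0.0 and the application/port mismatch; after deleting the untrust service line and defining the application on port 22 (or using junos-ssh) it returns an empty list.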
This article is from: 億恩科技 [1tcdy.com]