Ping通Juniper SRX防火牆接口條件

原創 handsomelbl 2018-09-12 02:36

Juniper SRX防火牆接口包括兩種:

1、管理接口,默認爲fxp0

2、業務接口,這裏通常是指配置用來跑業務的板卡接口,如:SRX3k SFB 12GE(8x 1GE-TX 4x 1GE-SFP)

 

對於管理接口,配置IP後即可ping通

netscreen@SRX3600# set interfaces fxp0 unit 0 family inet address 10.200.27.156/16

C:\>ping 10.200.27.156

Pinging 10.200.27.156 with 32 bytes of data:

Reply from 10.200.27.156: bytes=32 time<1ms TTL=64
Reply from 10.200.27.156: bytes=32 time<1ms TTL=64
Reply from 10.200.27.156: bytes=32 time<1ms TTL=64
Reply from 10.200.27.156: bytes=32 time<1ms TTL=64

Ping statistics for 10.200.27.156:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

如果需要telnet/ssh管理接口IP地址,則還需要放開系統層面級的telnet/ssh服務:

netscreen@SRX3600# set system services ssh
netscreen@SRX3600# set system services telnet

 

對於業務接口,僅僅配置IP地址無法ping:

netscreen@SRX3600# set interfaces ge-0/0/0 unit 0 family inet address 10.200.51.203/16

C:\>ping 10.200.51.203

Pinging 10.200.51.203 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.200.51.203:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

還需要該接口分配到相應的Zones,同時開放相應的服務(ping/telnet/ssh):

netscreen@SRX3600# set security zones security-zone untrust interfaces ge-0/0/0.0
netscreen@SRX3600# set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
netscreen@SRX3600# set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet
netscreen@SRX3600# set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh

 

C:\>ping 10.200.51.203

Pinging 10.200.51.203 with 32 bytes of data:

Reply from 10.200.51.203: bytes=32 time<1ms TTL=64
Reply from 10.200.51.203: bytes=32 time<1ms TTL=64
Reply from 10.200.51.203: bytes=32 time<1ms TTL=64
Reply from 10.200.51.203: bytes=32 time<1ms TTL=64

Ping statistics for 10.200.51.203:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

C:\>telnet 10.200.51.203

SRX3600B (ttyp1)

login:

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

Ping命令幕後過程及其返回信息分析

mapdll 2019-02-23 13:02:47

Linux禁Ping的方法

heng2535112 2019-02-22 23:31:06

Ping經過路由器的運行過程解析

xingfan0396 2019-02-22 22:59:07

在flannel 網絡中A主機 pod 1 ping 不通 B主機的 pod2 的幾個原因

lixianfa1110 2019-01-24 17:22:54

Kubernetes集成Calico + 遇到的問題

店家小二 2018-12-17 21:41:19

k8s使用kube-router網絡組件並實現網絡隔離

店家小二 2018-12-17 20:41:03

[雪峯磁針石博客]python網絡作業:使用python的socket庫實現ICMP協議的ping

書籍尋找 2018-11-26 09:29:32

無法連接windows實例的問題排查

lulullll 2018-11-10 17:47:26

兄弟連區塊鏈教程Fabric1.0源代碼分析gRPC(Fabric中註冊的gRPC Service)二

區塊鏈教程 2018-11-08 15:20:28

區塊鏈教程Fabric1.0源代碼分析流言算法Gossip服務端一兄弟連區塊鏈教程

郭子樂 2018-10-31 17:29:23

macvlan和pipework

對蝸牛彈琴 2018-09-27 16:47:25

Juniper SRX防火牆入門之如何創建Zone

handsomelbl 2019-02-22 21:19:03

Juniper SRX密碼恢復

boochem 2019-02-22 15:34:21

Juniper SRX(Junos)配置撥號*** (Dynamic ***)

lz_yq 2019-02-22 14:28:44

SRX 配置策略與IDS日誌

gzyxd 2018-09-21 02:26:21