Juniper防火墙中文配置解释对照表
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
参数
命令set clock dst-off
set clock ntp set clock timezone 8 set ntp server x.x.x.x
set ntp server backup1 "x.x.x.x"
set ntp server backup2 "x.x.x.x"
set ntp max-adjustment 0
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
unset alg sip enable
unset alg mgcp enable
unset alg sccp enable
unset alg sunrpc enable
unset alg msrpc enable
unset alg rtsp enable
unset alg h323 enable set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth-server "XXXX" id 1
set auth-server "XXXX" server-name "x.x.x.x"
set auth-server "XXXX" account-type admin
set auth default auth server "Local"
时区设置虚拟路由器设置ALG
set auth-server "XXXX" radius secret "xxxx"
set auth-server "ACS" radius port 1646set admin name "ccb"
set admin password "xxxxxxxxx"
set admin manager-ip x.x.x.x x.x.x.x
set admin auth timeout 10
set admin auth server "XXXX"
set admin auth banner console login "Access is…
set admin privilege get-external
set admin format dos
set zone "Trust" vrouter "untrust-vr"
set zone "Untrust" vrouter "untrust-vr"
set zone "DMZ" vrouter "untrust-vr"
unset zone "Trust" tcp-rst
set zone "Trust" block
unset zone "Untrust" tcp-rst
set zone "Untrust" block
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "Untrust" screen alarm-without-drop
ZONE设置
认证和管理员属性
set interface "ethernet1/1" zone "xxx"
set interface ethernet1/1 ip x.x.x.x/x set interface ethernet1/1 route
set interface ethernet1/1 manage-ip set interface ethernet1/1 ip manageable
set interface ethernet1/1 manage xxxx
unset flow tcp-syn-check
set flow tcp-syn-bit-check
set flow syn-proxy syn-cookie
set flow reverse-route clear-text pefer
set flow reverse-route tunnel always
set flow no-tcp-seq-check
set nsrp cluster id 1
set nsrp rto-mirror sync
set nsrp rto-mirror session ageout-ack
unset nsrp rto-mirror session ping
set nsrp vsd-group id 0 priority 20
set nsrp vsd-group id 0 monitor interface ethern
set nsrp monitor track-ip ip
set nsrp monitor track-ip ip x.x.x.x threshold 1
set nsrp vsd-group master-always-exist
set ntp no-ha-sync
接口设置Flow设置HA设置