Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Part Number: 530-017767-01-SC, Revision 02
Concepts & Examples
ScreenOS Reference Guide
Volume 1: Overview
Release 6.0.0, Revision 02
Copyright Notice
Copyright © 2007 Juniper Networks, Inc. All rights reserved.
Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other
trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective
owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for
any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication
without notice.
FCC Statement
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A
digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and
used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency
energy. If it is not installed in accordance with Juniper Networks’ installation instructions, it may cause interference with radio and television reception.
This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC
rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no
guarantee that interference will not occur in a particular installation.
If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user
is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Consult the dealer or an experienced radio/TV technician for help.
Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.
Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.
Disclaimer
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED
WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED
WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.
Table of Contents
Volume 1: Overview
About the Concepts & Examples ScreenOS Reference Guide
Volume Organization
Document Conventions
  Web User Interface Conventions
  Command Line Interface Conventions
  Naming Conventions and Character Types
  Illustration Conventions
Technical Documentation and Support
Master Index
Volume 2: Fundamentals
About This Volume
Document Conventions
  Web User Interface Conventions
  Command Line Interface Conventions
  Naming Conventions and Character Types
  Illustration Conventions
Technical Documentation and Support
Chapter 1: ScreenOS Architecture
Security Zones
Security Zone Interfaces
  Physical Interfaces
  Subinterfaces
Virtual Routers
Policies
Virtual Private Networks
Virtual Systems
Packet-Flow Sequence
Jumbo Frames
ScreenOS Architecture Example
  Example: (Part 1) Enterprise with Six Zones
  Example: (Part 2) Interfaces for Six Zones
  Example: (Part 3) Two Routing Domains
  Example: (Part 4) Policies
Chapter 2: Zones
Viewing Preconfigured Zones
Security Zones
  Global Zone
  SCREEN Options
Binding a Tunnel Interface to a Tunnel Zone
Configuring Security Zones and Tunnel Zones
  Creating a Zone
  Modifying a Zone
  Deleting a Zone
Function Zones
Chapter 3: Interfaces
Interface Types
  Logical Interfaces
    Physical Interfaces
    Wireless Interfaces
    Bridge Group Interfaces
    Subinterfaces
    Aggregate Interfaces
    Redundant Interfaces
    Virtual Security Interfaces
  Function Zone Interfaces
    Management Interfaces
    High Availability Interfaces
  Tunnel Interfaces
    Deleting Tunnel Interfaces
Viewing Interfaces
Configuring Security Zone Interfaces
  Binding an Interface to a Security Zone
  Unbinding an Interface from a Security Zone
  Addressing an L3 Security Zone Interface
    Public IP Addresses
    Private IP Addresses
    Addressing an Interface
  Modifying Interface Settings
  Creating a Subinterface in the Root System
  Deleting a Subinterface
Creating a Secondary IP Address
Backup System Interfaces
  Configuring a Backup Interface
    Configuring an IP Tracking Backup Interface
    Configuring a Tunnel-if Backup Interface
    Configuring a Route Monitoring Backup Interface
Loopback Interfaces
  Creating a Loopback Interface
  Setting the Loopback Interface for Management
  Setting BGP on a Loopback Interface
  Setting VSIs on a Loopback Interface
  Setting the Loopback Interface as a Source Interface
Interface State Changes
  Physical Connection Monitoring
  Tracking IP Addresses
  Interface Monitoring
    Monitoring Two Interfaces
    Monitoring an Interface Loop
  Security Zone Monitoring
  Down Interfaces and Traffic Flow
    Failure on the Egress Interface
    Failure on the Ingress Interface
Chapter 4: Interface Modes
Transparent Mode
  Zone Settings
    VLAN Zone
    Predefined Layer 2 Zones
  Traffic Forwarding
  Unknown Unicast Options
    Flood Method
    ARP/Trace-Route Method
    Configuring the VLAN1 Interface for Management
    Configuring Transparent Mode
NAT Mode
  Inbound and Outbound NAT Traffic
  Interface Settings
  Configuring NAT Mode
Route Mode
  Interface Settings
  Configuring Route Mode
Chapter 5: Building Blocks for Policies
Addresses
  Address Entries
    Adding an Address
    Modifying an Address
    Deleting an Address
  Address Groups
    Creating an Address Group
    Editing an Address Group Entry
    Removing a Member and a Group
Services
  Predefined Services
    Internet Control Message Protocol
    Handling ICMP Unreachable Errors
    Internet-Related Predefined Services
    Microsoft Remote Procedure Call Services
    Dynamic Routing Protocols
    Streaming Video
    Sun Remote Procedure Call Services
    Security and Tunnel Services
    IP-Related Services
    Instant Messaging Services
    Management Services