12.
Configure basic security zones and bind them to traffic interfaces.
[edit]
admin#
set security zones security-zone untrust interfaces ge-0/0/1
13.
Configure basic security policies.
[edit]
admin#
set security policies from-zone trust to-zone untrust policy
policy-name
match
source-address any destination-address any application any
admin#
set security policies from-zone trust to-zone untrust policy
policy-name
then
permit
14.
Create a Network Address Translation (NAT) rule for source translation of all
Internet-bound traffic.
[edit]
admin#
set security nat source rule-set interface-nat from zone trust
admin#
set security nat source rule-set interface-nat to zone untrust
admin#
set security nat source rule-set interface-nat rule rule1 match source-address
0.0.0.0/0 destination-address 0.0.0.0/0
admin#
set security nat source rule-set interface-nat rule rule1 then source-nat interface
15.
Check the configuration for validity.
[edit]
admin#
commit check
configuration check succeeds
16.
Commit the configuration to activate it on the device.
[edit]
admin#
commit
commit complete
17.
Optionally, display the configuration to verify that it is correct.
[edit]
admin#
show
system {
host-name devicea;
domain-name lab.device.net;
domain-search [ lab.device.net device.net ];
backup-device 192.168.2.44;
time-zone America/Los_Angeles;
root-authentication {
ssh-rsa "ssh-rsa AAAAB3Nza...D9Y2gXF9ac==root@devicea.lab.device.net";
}
name-server {
10.148.2.32;
}
services {
}
ntp {
server 10.148.2.21;
}
}
interfaces {
ge-0/0/0 {
unit 0 {
93
Copyright © 2016, Juniper Networks, Inc.
Chapter 16: Performing Initial Configuration