как прописать модуль SRX-MP-1T1E1 для Juniper srx240

Обсуждение техподдержки всего, для чего не нашлось соответствующего раздела.
Юрий Деревянко(yura)
Сообщения: 0
Зарегистрирован: 01 янв 1970 03:00

как прописать модуль SRX-MP-1T1E1 для Juniper srx240

Сообщение Юрий Деревянко(yura) » 10 ноя 2014 12:23

Подскажите пожалуйста как правильно прописать модуль SRX-MP-1T1E1 в данную конфигурацию, чтобы пошел голос.

groups {
juniper-ais {
system {
scripts {
commit {
allow-transients;
file jais-SN-activate-scripts.slax {
optional;
}
}
}
}
event-options {
destinations {
juniper-aim {
archive-sites {
/var/tmp/;
}
}
}
}
}
}
apply-groups juniper-ais;
system {
host-name BVK;
root-authentication {
encrypted-password br8elv; ## SECRET-DATA
}
login {
user admin {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$GxiChuUL$Vp39rBUWf.Hh031AfouVR1"; ## SECRET-DATA
}
}
}
services {
ftp;
ssh;
telnet;
web-management {
http;
https {
system-generated-certificate;
}
}
dhcp {
router {
10.23.43.129;
}
pool 10.23.43.128/25 {
address-range low 10.23.43.131 high 10.23.43.253;
}
}
}
syslog {
user * {
any emergency;
}
file default-log-messages {
any any;
match "(requested 'commit' operation)|(copying configuration to juniper.save)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|(vc add)|(vc delete)|transitioned|Transferred|transfer-file";
structured-data;
}
# -- Success & not success logins
file access.log {
authorization info;
archive size 10m files 3 no-world-readable;
}
# -- All facilities, level notice put in the file messages
file messages {
any notice;
archive size 10m files 6 no-world-readable;
}
# -- All typed commands from all users
file interactive-commands {
interactive-commands info;
archive size 10m files 3 no-world-readable;
}
#
# - log all changes in the state of alarms
file alarms {
kernel warning;
}
console {
any emergency;
}
time-format year millisecond;
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 172.16.56.162/30;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 0.0.0.0/28;
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 10.23.43.17/28;
}
}
}
ge-0/0/3 {
unit 0 {
family inet {
address 10.23.43.129/25;
}
}
}
}
snmp {
community JunoR {
authorization read-only;
}
community JunoRW {
authorization read-write;
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 172.16.56.161;
}
}
security {
alg {
sip disable;
}
policies {
from-zone FSIN to-zone TRANS {
policy TO-GLOBAL {
match {
source-address LOCAL3;
destination-address GLOBAL_FSIN_UPRAVA;
application any;
}
then {
permit;
}
}
}
from-zone TRANS to-zone FSIN {
policy FROM-GLOBAL {
match {
source-address GLOBAL_FSIN_UPRAVA;
destination-address LOCAL3;
application any;
}
then {
permit;
}
}
}
from-zone VOICE to-zone TRANS {
policy FROM-VOICE {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone TRANS to-zone VOICE {
policy TO-VOICE {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
policy ADMIN202 {
match {
source-address any;
destination-address LOCAL2;
application [ junos-sip junos-http junos-ping ];
}
then {
permit;
}
}
}
from-zone Garn to-zone TRANS {
policy FROM-Garn {
match {
source-address LOCAL1;
destination-address GLOBAL_Gar;
application any;
}
then {
permit;
}
}
}
from-zone TRANS to-zone Garn {
policy TO-Garn {
match {
source-address GLOBAL_Gar;
destination-address LOCAL1;
application any;
}
then {
permit;
}
}
}
default-policy {
deny-all;
}
}
zones {
security-zone TRANS {
address-book {
address GLOBAL_UPRAVA 10.23.0.0/17;
address TRANS_CISCO 10.23.43.0/30;
address GLOBAL_FSIN_ALL 10.23.0.0/16;
address GLOBAL_Gar 10.23.2.0/24;
address-set GLOBAL_FSIN_UPRAVA {
address GLOBAL_UPRAVA;
address TRANS_CISCO;
}
}
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/0.0;
}
}
security-zone Garn {
address-book {
address LOCAL1 0.0.0.0/28;
}
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/1.0;
}
}
security-zone VOICE {
address-book {
address LOCAL2 10.23.43.16/28;
}
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/2.0;
}
}
security-zone FSIN {
address-book {
address LOCAL3 10.23.43.128/25;
}
host-inbound-traffic {
system-services {
all;
http {
except;
}
https {
except;
}
}
protocols {
all;
}
}
interfaces {
ge-0/0/3.0;
}
}
}
}

Вернуться в «Техническая поддержка: Прочее»

Кто сейчас на конференции

Сейчас этот форум просматривают: нет зарегистрированных пользователей и 1 гость