Created
July 13, 2011 21:43
-
-
Save shamun/1081405 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| load factory-default | |
| ## root passwd | |
| set system root-authentication plain-text-password | |
| set system host-name srx210 | |
| ## Wan | |
| set interfaces ge-0/0/0 unit 0 family inet dhcp | |
| ## must for voip | |
| set security alg h323 disable | |
| set security alg sip disable | |
| ## Single port forwarding | |
| set security nat destination pool pool1 address 192.168.1.2/32 | |
| set security nat destination pool pool2 address 192.168.1.41/32 | |
| set security nat destination pool pool3 address 192.168.1.1/32 | |
| set security nat destination pool pool4 address 192.168.1.127/32 | |
| set security nat destination rule-set ruleset1 from zone untrust | |
| set security nat destination rule-set ruleset1 rule rule1 match destination-address 0.0.0.0/0 | |
| set security nat destination rule-set ruleset1 rule rule1 match destination-port 1111 | |
| set security nat destination rule-set ruleset1 rule rule1 then destination-nat pool pool1 | |
| set security nat destination rule-set ruleset1 rule rule2 match destination-address 0.0.0.0/0 | |
| set security nat destination rule-set ruleset1 rule rule2 match destination-port 49152 | |
| set security nat destination rule-set ruleset1 rule rule2 then destination-nat pool pool1 | |
| set security nat destination rule-set ruleset1 rule rule3 match destination-address 0.0.0.0/0 | |
| set security nat destination rule-set ruleset1 rule rule3 match destination-port 49500 | |
| set security nat destination rule-set ruleset1 rule rule3 then destination-nat pool pool1 | |
| set security nat destination rule-set ruleset1 rule rule4 match destination-address 0.0.0.0/0 | |
| set security nat destination rule-set ruleset1 rule rule4 match destination-port 5900 | |
| set security nat destination rule-set ruleset1 rule rule4 then destination-nat pool pool2 | |
| set security nat destination rule-set ruleset1 rule rule5 match destination-address 0.0.0.0/0 | |
| set security nat destination rule-set ruleset1 rule rule5 match destination-port 22 | |
| set security nat destination rule-set ruleset1 rule rule5 then destination-nat pool pool3 | |
| ## DMZ | |
| set security zones security-zone trust address-book address mydmz 192.168.1.127/32 | |
| set security policies from-zone untrust to-zone trust policy server-access match source-address any destination-address mydmz application any | |
| set security policies from-zone untrust to-zone trust policy server-access then permit | |
| set security nat destination rule-set ruleset1 rule rule6 match destination-address 0.0.0.0/0 | |
| set security nat destination rule-set ruleset1 rule rule6 then destination-nat pool pool4 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment