DNS configuration
set system name-server 202.83.21.12
set system name-server 202.83.20.102
Policy commands (equivalent to the Cisco network command)
------------------------
We are advertising the 103.42.115.0/24 and 103.50.32.0/23 subnets to the outside world (the Internet).
set policy-options policy-statement export_Network term t1 from protocol direct
set policy-options policy-statement export_Network term t1 from route-filter 103.42.115.0/24 exact
set policy-options policy-statement export_Network term t1 from route-filter 103.50.32.0/23 exact
set policy-options policy-statement export_Network term t1 then accept
set policy-options policy-statement export_Network term t2 from protocol bgp
set policy-options policy-statement export_Network term t2 then reject
set policy-options policy-statement Import_Network term t1 from protocol bgp
set policy-options policy-statement Import_Network term t1 then next-hop self
set policy-options policy-statement Import_Network term t1 then accept
BGP
router bgp 133668 (Cisco command)
network 103.42.115.0 mask 255.255.255.0 (Cisco command)
set routing-options autonomous-system 133668
set protocols bgp group ISP_PEER type internal (BGP type)
set protocols bgp group ISP_PEER export export_Network (Like a route-map in Cisco. On Juniper devices we cannot enter a network command directly; we need to create policies to import and export network subnets.)
set protocols bgp group ISP_PEER import Import_Network
set protocols bgp group ISP_PEER peer-as 133668 (iBGP peer)
set protocols bgp group ISP_PEER neighbor 106.51.230.137 (BGP peer)
Default route command
----------------------
set routing-options static route 0.0.0.0/0 next-hop 106.51.230.137 (default route)
Interface configuration
----------------------------------
set interfaces ge-0/0/0 unit 0
set interfaces ge-0/0/1 description "****Connected To ISP ****"
set interfaces ge-0/0/1 per-unit-scheduler
set interfaces ge-0/0/1 unit 0 family inet address 106.51.230.138/30 (IP address assigned to interface)
Security zone configuration in SRX
By default, the ports and zones can communicate with everything (all to all):
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
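A small audit over set commands like the ones above, added here as an example (it is not part of the original post): it flags any/any/any permit policies, host-inbound-traffic all, and BGP groups that reference a policy-statement that is never defined. The sample input is constructed from this page's commands with the Import_Network definition left out on purpose; the function name audit is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample: set commands from this page, annotations stripped, Import_Network undefined.
SAMPLE = """\
set policy-options policy-statement export_Network term t1 then accept
set protocols bgp group ISP_PEER export export_Network
set protocols bgp group ISP_PEER import Import_Network
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
"""

POLICY = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (match|then) (\S+)(?: (\S+))?")
HOST_IN = re.compile(r"set security zones security-zone (\S+) host-inbound-traffic (system-services|protocols) all\b")
BGP_REF = re.compile(r"set protocols bgp group (\S+) (import|export) (\S+)")
DEFINED = re.compile(r"set policy-options policy-statement (\S+)")

def audit(config):
    """Return a list of findings for over-permissive or dangling settings."""
    findings, defined, refs = [], set(), []
    policies = defaultdict(dict)
    for line in config.splitlines():
        line = line.strip()
        if m := DEFINED.match(line):
            defined.add(m.group(1))
        elif m := BGP_REF.match(line):
            refs.append(m.groups())
        elif m := HOST_IN.match(line):
            findings.append(f"zone {m.group(1)}: host-inbound-traffic {m.group(2)} all")
        elif m := POLICY.match(line):
            src, dst, name, kind, key, val = m.groups()
            policies[(src, dst, name)]["then" if kind == "then" else key] = key if kind == "then" else val
    for (src, dst, name), p in policies.items():
        wide = all(p.get(k) == "any" for k in ("source-address", "destination-address", "application"))
        if wide and p.get("then") == "permit":
            findings.append(f"policy {name} ({src}->{dst}): permits any/any/any")
    for group, direction, name in refs:  # checked last so definition order does not matter
        if name not in defined:
            findings.append(f"bgp group {group}: {direction} policy {name} is not defined")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```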
Show commands for verification
----------------------------------
show bgp summary
show bgp neighbor
clear bgp neighbor
show route table
show interfaces terse
show security zones