In the following example, you configure interfaces, a NAT address pool, zones, and security policies for incoming and outgoing traffic:
- user@host# set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24
- user@host# set interfaces fe-1/0/0 unit 0 family inet address 1.1.1.1/24
- user@host# set security nat source-nat address-persistent
- user@host# set security nat interface fe-1/0/0.0 source-nat pool p1 address-range low 1.1.1.12 high 1.1.1.150
- user@host# set security zones security-zone zone1 interfaces ge-0/0/0.0
- user@host# set security zones security-zone zone1 address-book address IP_Phone1 10.1.1.5/32
- user@host# set security zones security-zone zone1 address-book address gatekeeper 10.1.1.25/32
- user@host# set security zones security-zone zone2 interfaces fe-1/0/0.0
- user@host# set security zones security-zone zone2 address-book address IP_Phone2 2.2.2.5/32
- user@host# set security zones Global
- user@host# set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 match source-address IP_Phone1
- user@host# set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 match source-address gatekeeper
- user@host# set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 match destination-address IP_Phone2
- user@host# set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 match application junos-h323
- user@host# set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 then permit source-nat pool p1
- user@host# set security policy from-zone zone2 to-zone Global policy zone2_to_Global match source-address IP_Phone2
- user@host# set security policy from-zone zone2 to-zone Global policy zone2_to_Global match destination-address incoming_nat_p1
- user@host# set security policy from-zone zone2 to-zone Global policy zone2_to_Global match application junos-h323
- user@host# set security policy from-zone zone2 to-zone Global policy zone2_to_Global then permit