[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

CLI Configuration

  1. Configure interfaces.
    user@host# set interfaces ge-0/0/0 unit 0 family inet address 2.2.2.10/24
    user@host# set interfaces ge-0/0/1 unit 0 family inet address 3.3.3.10/24
    user@host# set interfaces ge-0/0/2 unit 0 family inet address 10.1.1.2/24
  2. Configure addresses.
    user@host# set security zones security-zone sf_2 address-book address sf_gw 2.2.2.201/32
    user@host# set security zones security-zone asia_3 address-book address asia_gw 3.3.3.110/32
    user@host# set security zones security-zone dmz address-book address west_ca 10.1.1.101/32
  3. Associate the zones and addresses to interfaces.
    user@host# set security zones security-zone sf_2 interfaces ge-0/0/0
    user@host# set security zones security-zone asia_3 interfaces ge-0/0/1
    user@host# set security zones security-zone dmz interfaces ge-0/0/2
  4. Configure zones sf_2, asia_3, and DMZ to allow incoming VoIP traffic.
    user@host# set security zones security-zone sf_2
    user@host# set security zones security-zone sf_2 host-inbound-traffic system-services all
    user@host# set security zones security-zone sf_2 host-inbound-traffic protocols all
    user@host# set security zones security-zone asia_3
    user@host# set security zones security-zone asia_3 host-inbound-traffic system-services all
    user@host# set security zones security-zone asia_3 host-inbound-traffic protocols all
    user@host# set security zones security-zone dmz
    user@host# set security zones security-zone dmz host-inbound-traffic system-services all
    user@host# set security zones security-zone dmz host-inbound-traffic protocols all
  5. Configure static NAT on interface ge-0/0/ and source NAT on interface ge-0/0/2.
    user@host# set security nat interface ge-0/0/1.0 static-nat 3.3.3.101/32 host 10.1.1.101/32
    user@host# set security nat interface ge-0/0/1.0 source-nat pool src-nat-pool address 2.2.2.10
  6. Configure policies.
    user@host# set security policies from-zone dmz to-zone asia_3 policy pol-dmz-to-asia_3 match source-address west_ca
    user@host# set security policies from-zone dmz to-zone asia_3 policy pol-dmz-to-asia_3 match destination-address asia_gw
    user@host# set security policies from-zone dmz to-zone asia_3 policy pol-dmz-to-asia_3 match application junos-mgcp
    user@host# set security policies from-zone dmz to-zone asia_3 policy pol-dmz-to-asia_3 then permit
    user@host# set security policies from-zone asia_3 to-zone dmz policy pol-asia_3-to-dmz match source-address asia_gw
    user@host# set security policies from-zone asia_3 to-zone dmz policy pol-asia_3-to-dmz match destination-address 3.3.3.101
    user@host# set security policies from-zone asia_3 to-zone dmz policy pol-asia_3-to-dmz match application junos-mgcp
    user@host# set security policies from-zone asia_3 to-zone dmz policy pol-asia_3-to-dmz then permit
    user@host# set security policies from-zone sf_2 to-zone dmz policy pol-sf_2-to-dmz match source-address sf_gw
    user@host# set security policies from-zone sf_2 to-zone dmz policy pol-sf_2-to-dmz match destination-address west-ca
    user@host# set security policies from-zone sf_2 to-zone dmz policy pol-sf_2-to-dmz match application junos-mgcp
    user@host# set security policies from-zone sf_2 to-zone dmz policy pol-sf_2-to-dmz then permit
    user@host# set security policies from-zone dmz to-zone sf_2 policy pol-dmz-to-sf_2 match source-address west_ca
    user@host# set security policies from-zone dmz to-zone sf_2 policy pol-dmz-to-sf_2 match destination-address sf_gw
    user@host# set security policies from-zone dmz to-zone sf_2 policy pol-dmz-to-sf_2 match application junos-mgcp
    user@host# set security policies from-zone dmz to-zone sf_2 policy pol-dmz-to-sf_2 then permit
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-sf_2-to-asia_3 match source-address sf_gw
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-sf_2-to-asia_3 match destination-address asia_gw
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-sf_2-to-asia_3 match application junos-mgcp
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-sf_2-to-asia_3 then permit source-nat pool src-nat-pool
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-sf_2-to-asia_3 match source-address sf_gw
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-sf_2-to-asia_3 match destination-address asia_gw
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-sf_2-to-asia_3 match application junos-mgcp
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-sf_2-to-asia_3 then permit source-nat pool src-nat-pool
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-intra-sf_2 match source-address any
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-intra-sf_2 match destination-address any
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-intra-sf_2 match application any
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-intra-sf_2 then permit
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-intra-asia_3 match source-address any
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-intra-asia_3 match destination-address any
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-intra-asia_3 match application any
    user@host# set security policies from-zone sf_2 to-zone asia_3 policy pol-intra-asia_3 then permit
[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]