SSG550 firewall debugging (Juniper SSG5 firewall configuration)

Reader contribution 1585 2022-10-08



I. Common commands

1. ?

ssg550-01-> ?

clear                clear dynamic system info

delete               delete persistent info in flash

exec                 exec system commands

exit                 exit command console

get                  get system information

mtrace               multicast traceroute from source to destination

ping                 ping other host

reset                reset system

save                 save command

set                  configure system parameters

telnet               Telnet other hostname

trace-route          trace route

unset                unconfigure system parameters

2. set hostname ssg550-01

ssg550-01-> get hostname

Hostname: ssg550-01

3. get session

ssg550-01-> get session

alloc 0/max 256064, alloc failed 0, mcast alloc 0, di alloc failed 0

total reserved 0, free sessions in shared pool 256064

Total 0 sessions shown

4. get system

ssg550-01-> get system

Product Name: SSG-550M

Serial Number: JN123B23EADB, Control Number: 00000000

Hardware Version: REV 19(0)-(00), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)

Software Version: 6.3.0r22.0, Type: Firewall+VPN

Feature: AV-K

BOOT Loader Version: 1.0.4

Compiled by build_master at: Wed Mar 9 07:57:21 PST 2016

Base Mac: 84b5.9c21.e508

File Name: screenos_image, Checksum: 5c94b273

, Total Memory: 1024MB

Date 05/22/2020 17:25:44, Daylight Saving Time enabled

The Network Time Protocol is Disabled

Up 0 hours 22 minutes 38 seconds Since 22May2020:17:03:06

Total Device Resets: 0

System in NAT/route mode.

Use interface IP, Config Port: 80

Manager IP enforced: False

Manager IPs: 0

Address                                  Mask                                     Vsys

---------------------------------------- ---------------------------------------- --------------------

User Name: netscreen

Interface ethernet0/0:

description ethernet0/0

number 0, if_info 0, if_index 0, mode nat

if_signature 0x4e53434e

sess token 3, flow flag 0x0 if flag 0x1122f200 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone Trust, vr trust-vr

hwif ethernet0/0 flag 0x1122f200 flag2 0x0 flag3 0x10000000, vsys Root

dhcp client disabled

PPPoE disabled

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 192.168.1.1/24   mac 84b5.9c21.e500

*manage ip 192.168.1.1, mac 84b5.9c21.e500

route-deny disable

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

Interface ethernet0/1:

description ethernet0/1

number 5, if_info 163800, if_index 0, mode nat

if_signature 0x4e53434e

sess token 13, flow flag 0x0 if flag 0x10001200 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone DMZ, vr trust-vr

hwif ethernet0/1 flag 0x10001200 flag2 0x0 flag3 0x10000000, vsys Root

dhcp client disabled

PPPoE disabled

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 0.0.0.0/0   mac 84b5.9c21.e505

*manage ip 0.0.0.0, mac 84b5.9c21.e505

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

Interface ethernet0/2:

description ethernet0/2

number 6, if_info 196560, if_index 0, mode route

if_signature 0x4e53434e

sess token 4, flow flag 0x62 if flag 0x10000203 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone Untrust, vr trust-vr

hwif ethernet0/2 flag 0x10000203 flag2 0x0 flag3 0x10000000, vsys Root

dhcp client disabled

PPPoE disabled

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 0.0.0.0/0   mac 84b5.9c21.e506

*manage ip 0.0.0.0, mac 84b5.9c21.e506

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

Interface ethernet0/3:

description ethernet0/3

number 7, if_info 229320, if_index 0

if_signature 0x4e53434e

sess token 7, flow flag 0x0 if flag 0x14000040 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone HA, vr trust-vr

hwif ethernet0/3 flag 0x10000040 flag2 0x0 flag3 0x10000000, vsys Root

*ip 0.0.0.0/0   mac 84b5.9c21.e507

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

Interface ethernet1/0:

description ethernet1/0

number 8, if_info 262080, if_index 0

if_signature 0x4e53434e

sess token 0, flow flag 0x0 if flag 0x10000200 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone Null, vr untrust-vr

hwif ethernet1/0 flag 0x10000200 flag2 0x0 flag3 0x10000000, vsys Root

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 0.0.0.0/0   mac 84b5.9c21.e508

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

Interface ethernet1/1:

description ethernet1/1

number 9, if_info 294840, if_index 0

if_signature 0x4e53434e

sess token 0, flow flag 0x0 if flag 0x10000200 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone Null, vr untrust-vr

hwif ethernet1/1 flag 0x10000200 flag2 0x0 flag3 0x10000000, vsys Root

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 0.0.0.0/0   mac 84b5.9c21.e509

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

Interface ethernet1/2:

description ethernet1/2

number 10, if_info 327600, if_index 0

if_signature 0x4e53434e

sess token 0, flow flag 0x0 if flag 0x10000200 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone Null, vr untrust-vr

hwif ethernet1/2 flag 0x10000200 flag2 0x0 flag3 0x10000000, vsys Root

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 0.0.0.0/0   mac 84b5.9c21.e50a

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

Interface ethernet1/3:

description ethernet1/3

number 11, if_info 360360, if_index 0

if_signature 0x4e53434e

sess token 0, flow flag 0x0 if flag 0x10000200 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone Null, vr untrust-vr

hwif ethernet1/3 flag 0x10000200 flag2 0x0 flag3 0x10000000, vsys Root

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 0.0.0.0/0   mac 84b5.9c21.e50b

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

Interface ethernet1/4:

description ethernet1/4

number 12, if_info 393120, if_index 0

if_signature 0x4e53434e

sess token 0, flow flag 0x0 if flag 0x10000200 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone Null, vr untrust-vr

hwif ethernet1/4 flag 0x10000200 flag2 0x0 flag3 0x10000000, vsys Root

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 0.0.0.0/0   mac 84b5.9c21.e50c

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

Interface ethernet1/5:

description ethernet1/5

number 13, if_info 425880, if_index 0

if_signature 0x4e53434e

sess token 0, flow flag 0x0 if flag 0x10000200 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone Null, vr untrust-vr

hwif ethernet1/5 flag 0x10000200 flag2 0x0 flag3 0x10000000, vsys Root

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 0.0.0.0/0   mac 84b5.9c21.e50d

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

Interface ethernet1/6:

description ethernet1/6

number 14, if_info 458640, if_index 0

if_signature 0x4e53434e

sess token 0, flow flag 0x0 if flag 0x10000200 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone Null, vr untrust-vr

hwif ethernet1/6 flag 0x10000200 flag2 0x0 flag3 0x10000000, vsys Root

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 0.0.0.0/0   mac 84b5.9c21.e50e

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

Interface ethernet1/7:

description ethernet1/7

number 21, if_info 687960, if_index 0

if_signature 0x4e53434e

sess token 0, flow flag 0x0 if flag 0x10000200 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone Null, vr untrust-vr

hwif ethernet1/7 flag 0x10000200 flag2 0x0 flag3 0x10000000, vsys Root

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 0.0.0.0/0   mac 84b5.9c21.e515

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

5. get chassis

ssg550-01-> get chassis

Chassis Environment:

Power Supply: One power supply is down

Fan1 Status: Good

Fan2 Status: Good

Fan3 Status: Good

CPU Temperature: 120'F ( 49'C)

System Temperature:  68'F ( 20'C)

Alarm Control Information:

Power failure audible alarm: disabled

Fan failure audible alarm: disabled

Temperature audible alarm: disabled

CPU alarm temperature is 194'F (90'C)

System alarm temperature is 149'F (65'C)

Slot Information:

Slot Name             Status   Asm-id   Serial Number    Version

0   mgt              Online   01bf     JN123B23EADB     REV 19

1   8-gbsw-tx-s      Online   0732     ACLW7191         REV 13

2                    Empty

3                    Empty

4                    Empty

5                    Empty

6                    Empty

6. get interface

ssg550-01-> get interface

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:

Name           IP Address          Zone        MAC            VLAN State VSD

eth0/0         192.168.1.1/24       Trust       84b5.9c21.e500    -   D   -

eth0/1         0.0.0.0/0            DMZ       84b5.9c21.e505    -   D   -

eth0/2         0.0.0.0/0            Untrust     84b5.9c21.e506    -   D   -

eth0/3         0.0.0.0/0            HA         84b5.9c21.e507    -   D   -

eth1/0         0.0.0.0/0            Null        84b5.9c21.e508    -   D   -

eth1/1         0.0.0.0/0            Null        84b5.9c21.e509    -   D   -

eth1/2         0.0.0.0/0            Null        84b5.9c21.e50a    -   D   -

eth1/3         0.0.0.0/0            Null        84b5.9c21.e50b    -   D   -

eth1/4         0.0.0.0/0            Null        84b5.9c21.e50c    -   D   -

eth1/5         0.0.0.0/0            Null        84b5.9c21.e50d    -   D   -

eth1/6         0.0.0.0/0            Null        84b5.9c21.e50e    -   D   -

eth1/7         0.0.0.0/0            Null        84b5.9c21.e515    -   D   -

vlan1          0.0.0.0/0            VLAN       84b5.9c21.e50f    1   D   -

null           0.0.0.0/0            Null        N/A              -   U   -

ssg550-01-> get interface eth0/0

Interface ethernet0/0:

description ethernet0/0

number 0, if_info 0, if_index 0, mode nat

if_signature 0x4e53434e

sess token 3, flow flag 0x0 if flag 0x1122f200 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone Trust, vr trust-vr

hwif ethernet0/0 flag 0x1122f200 flag2 0x0 flag3 0x10000000, vsys Root

dhcp client disabled

PPPoE disabled

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 192.168.1.1/24   mac 84b5.9c21.e500

*manage ip 192.168.1.1, mac 84b5.9c21.e500

route-deny disable

pmtu-v4 disabled

ping enabled, telnet enabled, SSH enabled, SNMP enabled

web enabled, ident-reset disabled, SSL enabled

DNS Proxy disabled, webauth disabled, g-arp enabled, webauth-ip 0.0.0.0

OSPF disabled  OSPFv3 disabled  BGP disabled  RIP disabled  RIPng disabled

mtrace disabled

PIM: not configured  IGMP not configured

MLD not configured

NHRP disabled

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

DHCP-Relay disabled at interface level

DHCP-server disabled

7. get counter statistics

Hardware counters for interface ethernet0/0:

in bytes               0 | out bytes              0 | early frame            0

in packets             0 | out packets            0 | late frame             0

in no buffer           0 | out no buffer          0 | re-xmt limit           0

in overrun             0 | out underrun           0 | drop vlan              0

in coll err            0 | out coll err           0 | out cs lost            0

in misc err            0 | out misc err           0 |

in dma err             0 | out bs pak             0 |

in crc err             0 | out discard            0 |

in align err           0 | out defer              0 |

in short frame         0 | out heartbeat          0 |

Hardware 64-bit counters for interface ethernet0/0:

in bytes                            0 |  out bytes                           0

in ucast                            0 |  out ucast                           0

in mcast                            0 |  out mcast                           0

in bcast                            0 |  out bcast                           0

Total flow counters for interface ethernet0/0:

in bytes               0 | out bytes              0 | tcp proxy              0

in packets             0 | out packets            0 | tear drop              0

in vlan                0 | out vlan               0 | in permit              0

out permit             0 | src route              0 | no g-parent            0

ping of death          0 | no gate sess           0 | address spoof          0

in icmp                0 | no nat vector          0 | land attack            0

in self                0 | no map                 0 | icmp flood             0

in un-auth             0 | no conn                0 | no arp entry           0

udp flood              0 | in unk prot            0 | no dip                 0

winnuke                0 | in vpn                 0 | no gate                0

port scan              0 | in other               0 | no xmit vpnf           0

ip sweep               0 | no mac                 0 | no route               0

tcp out of seq         0 | mac relearn            0 | no frag sess           0

wrong intf             0 | slow mac               0 | no frag netpak         0

wrong slot             0 | trmng queue            0 | no sa                  0

icmp broadcast         0 | trmng drop             0 | no sa policy           0

illegal pak            0 | tiny frag              0 | sa inactive            0

url block              0 | syn frag               0 | sa policy deny         0

encrypt fail           0 | connections            0 | policy deny            0

mp fail                0 | misc prot              0 | auth deny              0

auth fail              0 | loopback drop          0 | big bkstr              0

proc sess              0 | mal url                0 | sessn thresh           0

invalid zone           0 | null zone              0 | no nsp-tunnel          0

IP cls failure         0 | first pak frag         0 | unknown pak            0

multiauth drop         0 | multi-DIP drop         0 | tcp sweep              0

udp sweep              0 | tcp check drop         0 |

8. get route

ssg550-01-> get route

IPv4 Dest-Routes for (0 entries)

--------------------------------------------------------------------------------------

H: Host C: Connected S: Static A: Auto-Exported

I: Imported R: RIP/RIPng P: Permanent D: Auto-Discovered

N: NHRP

iB: IBGP eB: EBGP O: OSPF/OSPFv3 E1: OSPF external type 1

E2: OSPF/OSPFv3 external type 2 trailing B: backup route

IPv4 Dest-Routes for (2 entries)

--------------------------------------------------------------------------------------

ID          IP-Prefix      Interface         Gateway   P Pref    Mtr     Vsys

--------------------------------------------------------------------------------------

2     192.168.1.1/32         eth0/0         0.0.0.0   H    0      0     Root

1     192.168.1.0/24         eth0/0         0.0.0.0   C    0      0     Root

9. set service

ssg550-01-> set service ssh timeout 10

ssg550-01-> set service ftp ?

+                    append service entry

protocol             ip protocol

session-cache        enable session cache for this service

timeout              session timeout for service (1 - 2160)

10. get auth

ssg550-01-> get auth

Id     :   0                 Auth Server   : Local

Type   : Local               Idle Timeout  :   10

Forced Timeout: 0 (Disabled)

11. set interface e0/3 zone DMZ

ssg550-01-> set interface e0/3 zone DMZ

ssg550-01-> get interface

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:

Name           IP Address         Zone        MAC            VLAN State VSD

eth0/0         192.168.1.1/24     Trust       84b5.9c21.e500    -   D   -

eth0/1         0.0.0.0/0          DMZ         84b5.9c21.e505    -   D   -

eth0/2         0.0.0.0/0          Untrust     84b5.9c21.e506    -   D   -

eth0/3         0.0.0.0/0          DMZ         84b5.9c21.e507    -   D   -

eth1/0         0.0.0.0/0          Null        84b5.9c21.e508    -   D   -

eth1/1         0.0.0.0/0          Null        84b5.9c21.e509    -   D   -

eth1/2         0.0.0.0/0          Null        84b5.9c21.e50a    -   D   -

eth1/3         0.0.0.0/0          Null        84b5.9c21.e50b    -   D   -

eth1/4         0.0.0.0/0          Null        84b5.9c21.e50c    -   D   -

eth1/5         0.0.0.0/0          Null        84b5.9c21.e50d    -   D   -

eth1/6         0.0.0.0/0          Null        84b5.9c21.e50e    -   D   -

eth1/7         0.0.0.0/0          Null        84b5.9c21.e515    -   D   -

vlan1          0.0.0.0/0          VLAN        84b5.9c21.e50f    1   D   -

null           0.0.0.0/0          Null        N/A               -   U   -

12. get nsrp

ssg550-01-> get nsrp

nsrp version: 2.0

cluster info:

cluster id not set: nsrp is inactive

VSD group info:

init hold time: 8

heartbeat lost threshold: 3

heartbeat interval: 1000(ms)

master always exist: disabled

group priority preempt holddown inelig   master  PB other members  myself uptime

total number of vsd groups: 0

Total iteration=0,time=0,max=0,min=0,average=0

RTO mirror info:

run time object sync:   disabled

route synchronization: disabled

ping session sync: enabled

coldstart sync done

nsrp data packet forwarding is enabled

nsrp link info:

ha control link not available

ha data link not available

ha secondary path link not available

NSRP encryption: disabled

NSRP authentication: disabled

device based nsrp monitoring threshold: 255, weighted sum: 0, not failed

device based nsrp monitor interface:

device based nsrp monitor zone:

device based nsrp track ip: (weight: 255, disabled)

number of gratuitous arps: 4 (default)

config sync: enabled

track ip: disabled

ssg550-01-> get nsrp  cluster

cluster id not set: nsrp is inactive

13. set admin redirect

14. save config to tftp 1.1.1.1 123.cfg

ssg550-01-> save config to tftp 1.1.1.1 123.cfg

Read the current config.

Save configurations (3087 bytes) to 123.cfg on TFTP server 1.1.1.1.

tftp send rrq error

TFTP Failed

15. get policy

ssg550-01-> get policy

No policy!Default deny, Software based policy search, new policy enabled.

16. get performance

ssg550-01-> get performance cpu

Average System Utilization:  2%

Last 1 minute:  2%, Last 5 minutes:  2%, Last 15 minutes:  2%

ssg550-01-> get performance session

Last 1 minute: 0, Last 5 minute: 0, Last 15 minute: 0

alloc 0/max 256064, alloc failed 0, mcast alloc 0, di alloc failed 0

total reserved 0, free sessions in shared pool 256064

17. get tech-support

ssg550-01-> get tech-support  | in get

get envar

get os

get memory

get net-pak

get chassis

get file

get cav

get system

get nvram

get performance

get vrouter protocol pim

get vrouter protocol nhrp

get vrouter protocol rip

get vrouter protocol bgp

get vrouter protocol ospf

get route

get session

get auth

get admin auth

get tcp

get mac-learn

get asp

get counter

get pki ldap-run

get ha

get dns

get vpnmonitor

get arp

get config

get core-dump

get license-key

get pim

18. set interface

ssg550-01-> set interface e0/2 ip 123.123.123.123/24

ssg550-01-> get inter

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:

Name           IP Address         Zone        MAC            VLAN State VSD

eth0/0         192.168.1.1/24     Trust       84b5.9c21.e500    -   D   -

eth0/1         0.0.0.0/0          DMZ         84b5.9c21.e505    -   D   -

eth0/2         123.123.123.123/24 Untrust     84b5.9c21.e506    -   D   -

eth0/3         0.0.0.0/0          HA          84b5.9c21.e507    -   D   -

eth1/0         0.0.0.0/0          Null        84b5.9c21.e508    -   D   -

eth1/1         0.0.0.0/0          Null        84b5.9c21.e509    -   D   -

eth1/2         0.0.0.0/0          Null        84b5.9c21.e50a    -   D   -

eth1/3         0.0.0.0/0          Null        84b5.9c21.e50b    -   D   -

eth1/4         0.0.0.0/0          Null        84b5.9c21.e50c    -   D   -

eth1/5         0.0.0.0/0          Null        84b5.9c21.e50d    -   D   -

eth1/6         0.0.0.0/0          Null        84b5.9c21.e50e    -   D   -

eth1/7         0.0.0.0/0          Null        84b5.9c21.e515    -   D   -

vlan1          0.0.0.0/0          VLAN        84b5.9c21.e50f    1   D   -

null           0.0.0.0/0          Null        N/A               -   U   -

ssg550-01-> set interface e0/2 phy full 100mb

19. get license-key

ssg550-01-> get license-key

Model:              Advanced

Sessions:           256064 sessions

Capacity:           unlimited number of users

NSRP:               ActiveActive

VPN tunnels:        2048 tunnels

Vsys:               None

Vrouters:           16 virtual routers

Zones:              60 zones

VLANs:              150 vlans

Drp:                Enable

Deep Inspection:    Enable

Deep Inspection Database Expire Date: Disable

Signature pack:     Signature update key is missing

IDP:                Disable

AV:                 Disable(0)

Anti-Spam:          Disable(0)

Url Filtering:      Disable

Update server url: nextwave.netscreen.com/key_retrieval

License key auto update : Disabled

Auto update interval : 0 days

20. get system

ssg550-01-> get sys

Product Name: SSG-550M

Serial Number: JN123B23EADB, Control Number: 00000000

Hardware Version: REV 19(0)-(00), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)

Software Version: 6.3.0r22.0, Type: Firewall+VPN

Feature: AV-K

BOOT Loader Version: 1.0.4

Compiled by build_master at: Wed Mar 9 07:57:21 PST 2016

Base Mac: 84b5.9c21.e508

File Name: unknown, Checksum: 5c94b273

, Total Memory: 1024MB

Date 05/22/2020 18:00:47, Daylight Saving Time enabled

The Network Time Protocol is Disabled

Up 0 hours 1 minutes 44 seconds Since 22May2020:17:59:03

Total Device Resets: 0

System in NAT/route mode.

Use interface IP, Config Port: 80

Manager IP enforced: False

Manager IPs: 0

Address                                  Mask                                     Vsys

---------------------------------------- ---------------------------------------- --------------------

User Name: netscreen

Interface ethernet0/0:

description ethernet0/0

number 0, if_info 0, if_index 0, mode nat

if_signature 0x4e53434e

sess token 3, flow flag 0x0 if flag 0x1122f200 flag2 0x0

link down, phy-link down, admin status up

status change:0

vsys Root, zone Trust, vr trust-vr

hwif ethernet0/0 flag 0x1122f200 flag2 0x0 flag3 0x10000000, vsys Root

dhcp client disabled

PPPoE disabled

admin mtu 0, operating mtu 1500, default mtu 1500

*ip 192.168.1.1/24   mac 84b5.9c21.e500

*manage ip 192.168.1.1, mac 84b5.9c21.e500

route-deny disable

bandwidth: physical 0kbps, configured egress [gbw 0kbps mbw 0kbps]

configured ingress mbw 0kbps, current bw 0kbps

total allocated gbw 0kbps

Interface ethernet0/1:

description ethernet0/1

ssg550-01-> get sys | in Serial

Serial Number: JN123B23EADB, Control Number: 00000000

21. reset

ssg550-01-> unset all

Erase all system config, are you sure y/[n] ? y

ssg550-01-> reset

Configuration modified, save? [y]/n n

System reset, are you sure? y/[n] y

In reset ...

Trying to boot from Primary Compact Flash ...

II. Restoring factory defaults

1.  With the device powered on, push a pin into the reset hole on the front panel (you can feel it engage) and hold it until the status LED turns amber and then green; release the pin for 2 seconds, then push it in again and hold it until the LED turns red, at which point all port LEDs go out. Remove the pin. The device then reboots automatically and is restored to factory defaults.

2.  In console mode, obtain the serial number from the get system command or from the chassis label, and enter the serial number as both the username and the password. After login the device asks whether to restore the factory configuration; follow the prompts.

III. HA architecture

1. Master firewall configuration

unset interface eth0/3 ip                  remove the IP address from the interface

set interface eth0/3 zone ha               bind the interface to the HA zone

SSG550-> set nsrp cluster id 1   set the cluster ID

SSG550(M)-> set nsrp vsd id 0    set the VSD group ID; this command can be omitted, because the default virtual security database (VSD) ID on NetScreen firewalls is 0.

SSG550(M)-> set nsrp vsd-group id 0 priority 50   set the priority of the NSRP master; the lower the priority value, the higher the priority.

SSG550(M)-> set nsrp rto syn   enable configuration synchronization

SSG550(M)-> set nsrp vsd-group id 0 monitor interface eth0/1     set a port for the firewall to monitor; if port 1 fails, or the switch connected to it fails, the firewall fails over to the backup firewall.

SSG550(M)-> set nsrp vsd-group id 0 monitor interface eth0/2     set a port for the firewall to monitor; if port 2 fails, or the switch connected to it fails, the firewall fails over to the backup firewall.

Note 1: the two set nsrp vsd-group commands must be entered before set nsrp monitor; if monitoring is configured first, you lose connectivity to the device. In addition, every monitored port must have a cable connected, otherwise the check command warns that the devices are not synchronized, which shows as one device's HA LED green and the other's red.

Note 2: if port 2 is not monitored, a failure of port 2 or of the network connected to it does not trigger a failover.

get nsrp   view the redundancy status

SSG550(M)-> set nsrp vsd-group hb-interval 200    set the heartbeat to send a hello message every 200 seconds

SSG550(M)-> set nsrp vsd-group hb-threshold 3     set the heartbeat threshold to 3 hello messages in total

SSG550(M)-> save

2.  Backup firewall configuration

unset all   restore the factory state

reset   reboot (answer n, then y)

set interface eth0/3 zone ha                bind the interface to the HA zone

(Note that the priority value differs; the rest of the configuration is the same as on the master.)

SSG550-> set nsrp cluster id 1   set the cluster ID

SSG550(B)-> set nsrp vsd id 0    set the VSD group ID; this command can be omitted, because the default virtual security database (VSD) ID on NetScreen firewalls is 0.

SSG550(B)-> set nsrp vsd-group id 0 priority 100   set the priority of the NSRP master; the lower the priority value, the higher the priority.

SSG550(B)-> set nsrp rto syn   enable configuration synchronization

SSG550(B)-> set nsrp vsd-group id 0 monitor interface eth0/1     set a port for the firewall to monitor; if port 1 fails, or the switch connected to it fails, the firewall fails over to the backup firewall.

SSG550(B)-> set nsrp vsd-group id 0 monitor interface eth0/2     set a port for the firewall to monitor; if port 2 fails, or the switch connected to it fails, the firewall fails over to the backup firewall.

SSG550(B)-> set nsrp vsd-group hb-interval 200    set the heartbeat to send a hello message every 200 seconds

SSG550(B)-> set nsrp vsd-group hb-threshold 3     set the heartbeat threshold to 3 hello messages in total

SSG550(B)-> save

Synchronize the configuration on the backup:

ns204(B)-> exec nsrp sync global-config check-sum (compares the configurations of the two devices; if they differ, the backup imports the master's configuration after a reboot)

ns204(B)-> exec nsrp sync global-config save   (if they differ, the backup imports the master's configuration after a reboot)

After the device reboots, the colour of the HA LED shows that HA is working normally.

When both devices are running normally, the HA LEDs on both blink green, but the backup device's HA LED shows amber.

If a port on one device goes DOWN, operation switches automatically to the other device; the failover takes 1 second, and the HA LED on the device with the DOWN port shows red.

Running exec nsrp vsd 0 mode backup on the master performs a manual master/backup switchover.
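As an added example (not code from the original post), the following Python script applies the HA prerequisites from this section to captured get interface and get nsrp output: exactly one interface in zone HA with its IP removed, every monitored interface cabled (state U), and the cluster ID set. The sample outputs are constructed from the page's listings with two link states changed to U, and the list of monitored interfaces is an assumed parameter.

```python
"""Check NSRP/HA prerequisites from ScreenOS 'get interface' and 'get nsrp' output.

Added example, not part of the original post. It parses the interface table
format shown on this page and applies the rules from the HA section:
  - exactly one interface must sit in zone HA (the HA link, eth0/3 here),
    and its IP must already be removed with 'unset interface ... ip',
  - every interface named in 'set nsrp vsd-group id 0 monitor interface'
    must have link state U, otherwise the cluster reports it unsynchronised,
  - 'get nsrp' must not report 'cluster id not set'.
"""
import re

# Constructed sample: 'get interface' after 'set interface e0/3 zone ha'
# (abridged; eth0/1 and eth0/3 set to U to model cabled ports).
GET_INTERFACE = """\
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name           IP Address         Zone        MAC            VLAN State VSD
eth0/0         192.168.1.1/24     Trust       84b5.9c21.e500    -   D   -
eth0/1         0.0.0.0/0          DMZ         84b5.9c21.e505    -   U   -
eth0/2         123.123.123.123/24 Untrust     84b5.9c21.e506    -   D   -
eth0/3         0.0.0.0/0          HA          84b5.9c21.e507    -   U   -
eth1/0         0.0.0.0/0          Null        84b5.9c21.e508    -   D   -
vlan1          0.0.0.0/0          VLAN        84b5.9c21.e50f    1   D   -
null           0.0.0.0/0          Null        N/A               -   U   -
"""

# Constructed sample: first lines of 'get nsrp' before a cluster id is configured.
GET_NSRP = """\
nsrp version: 2.0
cluster info:
cluster id not set: nsrp is inactive
"""

# One table row: name, ip, zone, mac, vlan, single-letter state, vsd.
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\S+)\s+(?P<zone>\S+)\s+(?P<mac>\S+)\s+"
    r"(?P<vlan>\S+)\s+(?P<state>[AIUDR])\s+(?P<vsd>\S+)\s*$"
)


def parse_interfaces(text):
    """Return {name: {ip, zone, mac, state}} for each data row of the table.

    The legend and header lines do not match ROW (their 'state' column is
    not a single letter), so they are skipped without special-casing.
    """
    ifaces = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ifaces[m.group("name")] = {k: m.group(k) for k in ("ip", "zone", "mac", "state")}
    return ifaces


def check_ha_readiness(iface_text, nsrp_text, monitored):
    """Apply the page's HA rules; return a list of findings (empty means ready)."""
    ifaces = parse_interfaces(iface_text)
    findings = []
    ha_links = [n for n, i in ifaces.items() if i["zone"] == "HA"]
    if len(ha_links) != 1:
        findings.append(f"expected exactly one interface in zone HA, found {ha_links}")
    elif ifaces[ha_links[0]]["ip"] != "0.0.0.0/0":
        findings.append(f"{ha_links[0]} still has an IP; run 'unset interface {ha_links[0]} ip'")
    for name in monitored:
        if name not in ifaces:
            findings.append(f"monitored interface {name} not present")
        elif ifaces[name]["state"] != "U":
            findings.append(f"monitored interface {name} is {ifaces[name]['state']}, not U (cable it)")
    if re.search(r"cluster id not set", nsrp_text):
        findings.append("NSRP cluster id not set; run 'set nsrp cluster id <n>'")
    return findings


if __name__ == "__main__":
    for f in check_ha_readiness(GET_INTERFACE, GET_NSRP, ["eth0/1", "eth0/2"]):
        print("FINDING:", f)
```

Run against the samples it reports that eth0/2 is not up and that no cluster ID is set, which are exactly the two conditions Note 1 warns about.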

