juniper SRX 地址映射（juniper berry）

juniper SRX 地址映射（juniper berry）

需求说明：公网122.93.43.X:16927 映射 内网 10.100.124.200:80

定义内网地址set security nat destination pool srv200-80 address 10.100.124.200/32定义内网端口号set security nat destination pool srv200-80 address port 80定义公网地址+端口edit security nat destinationset rule-set untrust-trust-set rule un122-srv200-443 match source-address 0.0.0.0/0set rule-set untrust-trust-set rule un122-srv200-443 match destination-address 122.93.43.X/32set rule-set untrust-trust-set rule un122-srv200-443 match destination-port 16927 ##公网端口set rule-set untrust-trust-set rule un122-srv200-443 match protocol tcpset rule-set untrust-trust-set rule un122-srv200-443 then destination-nat pool srv200-80

定义内网协议+端口

set applications application tcp-80 protocol tcpset applications application tcp-80 destination-port 80

定义内网地址

set security zones security-zone trust address-book address srv200 10.100.124.200

定义策略edit security policies from-zone untrust to-zone trustset policy utot-srv11-3389 match source-address anyset policy utot-srv11-3389 match destination-address srv200set policy utot-srv11-3389 match application tcp-80 ###### 定义内网真实端口####set policy utot-srv11-3389 match application junios-policy utot-srv11-3389 then permit

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。