SOURCECODEBD.NET

Live Experience

Configuring a Filter to Block Telnet and SSH Access on JUNIPER

First, create allow rules for the IP block and ports. Here I use 192.168.1.0/24 as the allowed IP block and SSH and Telnet as the allowed ports.

#set firewall family inet filter Telnet_SSH_Access term Telnet_SSH_Allow from address 192.168.1.0/24
#set firewall family inet filter Telnet_SSH_Access term Telnet_SSH_Allow from protocol tcp

Read more...

Setting Up a Simple Layer 3 VPN
 
You want to set up a Layer 3 VPN for a customer who wants a private network for internal network communication and transactions.
 
Creating a Layer 3 VPN for the customer involves setting up your PE and P routers. The customer (or you) can set up the customer's routers (the CE routers). The PE and P routers must run an IGP, IBGP, MPLS, and a signaling protocol (RSVP or LDP). You establish an MPLS LSP between the PE routers and configure the VPN itself on the PE routers.

Read more...

Adding a VPN for a Second Customer
 
You want to configure a single PE router to keep the traffic for the two different VPNs separated.
Configure the VPN for the second customer on the PE router:
 
[edit routing-instances VPN1]
source@RouterB# set instance-type vrf 
source@RouterB# set interface ge-3/0/0 

Read more...

Juniper Route Preference Value
 
Ranks routes received from different sources
Primary criterion for selecting the active route
Used as a tiebreaker when the same destination prefix is available through multiple sources

Read more...

How Juniper Routing Policy Works.
 
An advantage of route lists over prefix lists is that each prefix can include an action. When a match occurs, the action is taken immediately instead of waiting to reach the then clause. When the list of prefixes is long, this speeds up the processing of routing traffic. The following simple policy illustrates how this works:

Read more...

Viewing the VPN Routing Tables
 
You want to check the routing tables on the PE routers to determine that they contain all the expected routes.
 
The show route command displays the contents of all routing tables on the PE router:
 
source@RouterB> show route
inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)

Read more...

Filtering Routes by IP Address with Prefix List

You need to reject all routes to certain IP addresses because you don't want to install them into the routing table.

Create a list of all the IP address prefixes:

Read more...

Juniper Creating Policy with Term
 
Here I create three terms in a single policy-statement. The policy statement name is "Upstream". The first term is named ISP-1, the second ISP-2, and the third ISP-3; finally, I add a term named Reject. That means only those prefixes will be advertised and all others are rejected.
 
# set policy-options policy-statement Upstream term ISP-1 from route-filter 172.16.0.0/24 exact

Read more...

Juniper Create Routing Policy with Filtering Long Prefixes
 
If you want to install IP address prefixes longer than 172.18.20.0/19 in the routing table, create a filter that identifies the long prefixes:
[edit policy-options policy-statement prefixes-to-exclude term 1]

Read more...

Creating a Simple Routing Policy

You want to advertise configured static routes to adjacent OSPF neighbors, going beyond the OSPF default of advertising only the routes learned from an OSPF neighbor.

Read more...

Juniper NAT Configuration in SRX and All Other Firewalls
 
First, you need to create a pool. Here I use a single IP, 1.1.1.1/32, for my pool. This is the public IP.
My pool name is "WAN-Pool". You can give it any name here.
 
# set security nat source pool WAN-Pool address 1.1.1.1/32
 
Second, you need to declare the source NAT zone information.

Read more...

Juniper Basic ZONE Configuration
 
First, you must declare zone information on any Juniper firewall device.
Here I describe two types of zone in the simplest way: Trust and Untrust.
 
Basically, the TRUST zone is your LAN side,
and the UNTRUST zone is your WAN side.
 
First, you need to configure the permission level from TRUST to UNTRUST, that is, from the LAN to the WAN network.

Read more...
