52ky posted on 2022-9-19 11:16:48

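Three Deployment Modes and Basic Configuration of Juniper Firewalls

In practical deployments, a Juniper firewall offers three main modes to choose from: ① NAT mode, based on layer 3 of the TCP/IP protocol; ② route mode, based on layer 3 of the TCP/IP protocol; ③ transparent mode, based on layer 2 protocols.

2.1 NAT mode

When the ingress interface (the "internal network port") of a Juniper firewall is in NAT mode, the firewall translates two components of IP packets bound for the Untrust zone (the external or public network): the source IP address and the source port number. The firewall replaces the source IP address of the originating host with the IP address of the Untrust zone (external or public network) interface; at the same time, it replaces the source port number with an arbitrary port number generated by the firewall.

NAT mode suits environments with the following characteristics: ① the number of registered IP addresses (public IP addresses) is insufficient; ② the internal network uses many unregistered IP addresses (private IP addresses) that need legitimate access to the Internet; ③ the internal network contains servers that need to be exposed externally and provide services to the outside.

2.2 Route (routing) mode
Juniper防火墙三种部署模式及基本配置.pdf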

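An added example, not part of the original post or the attached PDF: a small Python model of the NAT-mode behaviour described in 2.1, showing the source IP and source port being rewritten on the way to the Untrust zone and restored for replies. The class name, table layout, port range, reply check and sample addresses are assumptions of this sketch, not Juniper's implementation.

```python
import random

class NatModeFirewall:
    """Toy model of a Trust-zone interface in NAT mode (not Juniper code)."""

    def __init__(self, untrust_ip, seed=None):
        self.untrust_ip = untrust_ip          # IP of the Untrust-zone interface
        self._rng = random.Random(seed)
        self._out = {}    # session 5-tuple -> firewall-generated source port
        self._back = {}   # (proto, generated port) -> original session

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Trust -> Untrust: replace the source IP and the source port."""
        session = (proto, src_ip, src_port, dst_ip, dst_port)
        if session not in self._out:
            port = self._rng.randint(1024, 65535)     # assumed port range
            while (proto, port) in self._back:        # never reuse a live port
                port = self._rng.randint(1024, 65535)
            self._out[session] = port
            self._back[(proto, port)] = session
        return (proto, self.untrust_ip, self._out[session], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Untrust -> Trust: restore the original host, or return None (drop)."""
        session = self._back.get((proto, dst_port))
        if dst_ip != self.untrust_ip or session is None:
            return None                               # no mapping: unsolicited
        _, host_ip, host_port, peer_ip, peer_port = session
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None                               # not the peer we contacted
        return (proto, src_ip, src_port, host_ip, host_port)

def demo():
    """Constructed sample traffic using private and documentation addresses."""
    fw = NatModeFirewall("203.0.113.1", seed=1)
    a = fw.outbound("tcp", "192.168.1.10", 40000, "198.51.100.7", 443)
    b = fw.outbound("tcp", "192.168.1.11", 40000, "198.51.100.7", 443)
    reply = fw.inbound("tcp", "198.51.100.7", 443, "203.0.113.1", a[2])
    stray = fw.inbound("tcp", "198.51.100.9", 443, "203.0.113.1", a[2])
    return a, b, reply, stray

if __name__ == "__main__":
    for packet in demo():
        print(packet)
```

Two internal hosts using the same source port leave with the same public IP but different generated ports, and a packet from the Untrust side with no matching mapping is dropped, which is why the servers in characteristic ③ need an explicit inbound mapping.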



