http://oneconfig.com/solutions/by-use-case/srx-evaluations/

1- delete all config
2- add management address
3- copy and paste the OneConfig




1- delete all config

delete

!! request system zeroize   !!! be careful: this erases all configuration and data on the device

2- add management address

1.1 functional zone ( management zone)


3- copy and paste the OneConfig 

load set terminal                   >>>>>> paste the config, press CTRL + D at the end, then commit


set system host-name SRXbuffalo
set system name-server 8.8.8.8
set system name-server 8.8.4.4
set system services ssh
set system services web-management https interface ge-0/0/0.0
set system services web-management https system-generated-certificate
set system syslog archive size 100k
set system login announcement "BUFFALO GOLDEN CONFIG V2.6"
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set system name-resolution no-resolve-on-input
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set services ssl initiation profile ssli protocol-version all
set services ssl initiation profile ssli actions ignore-server-auth-failure
set services ssl initiation profile ssli trusted-ca all
set services ssl initiation profile ssli actions crl disable
set security log mode stream
set security log format sd-syslog
set security log source-interface ge-0/0/0.0
set security log transport protocol tls
set security log transport tls-profile ssli
set security log stream oneconfig severity debug
set security log stream oneconfig category all
set security log transport protocol tls tcp-connections 1
set security log stream oneconfig rate-limit 300
set interfaces ge-0/0/0 unit 0 family inet dhcp
set interfaces ge-0/0/0 description " Outbound interface to the Internet "
set security zones security-zone LAN-ACCESS host-inbound-traffic protocols all
set security zones security-zone LAN-ACCESS interfaces ge-0/0/0.0
set security zones security-zone LAN-ACCESS host-inbound-traffic system-services all
delete system autoinstallation
set chassis alarm management-ethernet link-down ignore
set interfaces ge-0/0/1 promiscuous-mode
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24
set interfaces ge-0/0/1 description " Tap Mode "
set interfaces ge-0/0/1 unit 0 family inet address 192.168.255.1/24 arp 192.168.255.254 mac 00:00:01:01:01:01
set routing-instances Sniffer instance-type virtual-router
set routing-instances Sniffer routing-options static route 0.0.0.0/0 next-hop 192.168.255.254
set routing-instances Sniffer interface ge-0/0/1.0
set vlans eval vlan-id 10
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members eval
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members eval
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/3 unit 0 family ethernet-switching interface-mode access
set services application-identification
set security application-tracking
set security application-tracking session-update-interval 180
set security flow tcp-session no-syn-check
set security flow tcp-session no-sequence-check
set security forwarding-process enhanced-services-mode
set security zones security-zone Sniffer host-inbound-traffic protocols all
set security zones security-zone Sniffer host-inbound-traffic system-services all
set security zones security-zone Sniffer interfaces ge-0/0/1.0
set security zones security-zone Sniffer application-tracking
set security policies from-zone Sniffer to-zone Sniffer policy Sniffer1 match source-address any
set security policies from-zone Sniffer to-zone Sniffer policy Sniffer1 match destination-address any
set security policies from-zone Sniffer to-zone Sniffer policy Sniffer1 match application any
set security policies from-zone Sniffer to-zone Sniffer policy Sniffer1 then permit application-services idp
set security policies from-zone Sniffer to-zone Sniffer policy Sniffer1 then permit application-services utm-policy UTM-POC
set security policies from-zone Sniffer to-zone Sniffer policy Sniffer1 then log session-close
set security zones security-zone Inline host-inbound-traffic protocols all
set security zones security-zone Inline host-inbound-traffic system-services all
set security zones security-zone Inline interfaces ge-0/0/2.0
set security zones security-zone Inline interfaces ge-0/0/3.0
set security zones security-zone Inline application-tracking
set security policies from-zone Inline to-zone Inline policy Inline1 match source-address any
set security policies from-zone Inline to-zone Inline policy Inline1 match destination-address any
set security policies from-zone Inline to-zone Inline policy Inline1 match application any
set security policies from-zone Inline to-zone Inline policy Inline1 then permit application-services idp
set security policies from-zone Inline to-zone Inline policy Inline1 then permit application-services utm-policy UTM-POC
set security policies from-zone Inline to-zone Inline policy Inline1 then log session-close
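
The config above is built for an evaluation, and several statements relax a default protection. The script below is an added example (not part of OneConfig or of Juniper tooling) that lists those statements in a set-format config before it is reused elsewhere; the rule list and the function names are assumptions of this example.

```python
import re

# Rule list is an editorial assumption, not a Juniper or OneConfig baseline.
RULES = [
    (r"ssl initiation profile (\S+) actions ignore-server-auth-failure",
     "TLS profile {} accepts servers whose certificate fails validation"),
    (r"ssl initiation profile (\S+) actions crl disable",
     "TLS profile {} skips certificate revocation checks"),
    (r"security-zone (\S+) host-inbound-traffic \S+ all",
     "zone {} accepts a whole class of traffic addressed to the device"),
    (r"security flow tcp-session (no-\S+-check)",
     "flow option {} disables a stateful TCP check"),
]

def usage(lines):  # zone or TLS profile name -> places the config uses it
    used = {}
    for line in lines:
        m = re.search(r"security-zone (\S+) interfaces (\S+)", line)
        if m:
            used.setdefault(m.group(1), []).append("interface " + m.group(2))
        m = re.search(r"security log transport tls-profile (\S+)", line)
        if m:
            used.setdefault(m.group(1), []).append("security log transport")
    return used

def audit(config_text):
    """Return (line_no, finding) for every 'set' line that matches a rule."""
    lines = [l.strip() for l in config_text.splitlines()]
    used = usage(l for l in lines if l.startswith("set "))
    findings = []
    for no, line in enumerate(lines, 1):
        for pattern, message in RULES:
            m = line.startswith("set ") and re.search(pattern, line)
            if m:
                where = used.get(m.group(1))
                suffix = " [used by: " + ", ".join(where) + "]" if where else ""
                findings.append((no, message.format(m.group(1)) + suffix))
    return findings

# Excerpt of statements taken from the config on this page.
SAMPLE = """\
set services ssl initiation profile ssli actions ignore-server-auth-failure
set security log transport tls-profile ssli
set security zones security-zone LAN-ACCESS host-inbound-traffic system-services all
set security zones security-zone LAN-ACCESS interfaces ge-0/0/0.0
set security flow tcp-session no-syn-check
"""
print(*audit(SAMPLE), sep="\n")
```

Each finding names the interface or feature that uses the flagged zone or profile, so the LAN-ACCESS result shows that ge-0/0/0.0, described in the config as the outbound interface to the Internet, is the one accepting all system services.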
