Juniper SRX100 HA 配置實例
## Last changed: 2013-07-05 11:01:18 UTC
version 11.2R4.3;
## Per-node configuration groups. Both cluster members share one configuration
## file; each member takes only the group named after its own node.
groups {
    node0 {
        system {
            host-name srx-node0; ## host name of cluster node 0
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        ## NOTE(review): 192.16.35.0/24 is not RFC 1918 space (192.168.0.0/16 is);
                        ## confirm the intended management subnet before reusing this address.
                        address 192.16.35.46/24; ## management IP of node 0
                    }
                }
            }
        }
    }
    node1 {
        system {
            host-name srx-node1; ## host name of cluster node 1
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 192.16.35.47/24; ## management IP of node 1 (same subnet as node 0)
                    }
                }
            }
        }
    }
}
## "${node}" is replaced by the local node name, so node 0 applies group node0
## and node 1 applies group node1.
apply-groups "${node}";
## Settings shared by both nodes: root credentials and web management.
system {
    root-authentication {
        ## NOTE(review): the value below looks like a redacted placeholder, not a real hash.
        ## Never publish a real encrypted-password string; hashes can be attacked offline.
        encrypted-password "abcabcabcabcabcabcabcabc"; ## SECRET-DATA
    }
    services {
        web-management {
            ## NOTE(review): web management is offered over plain HTTP here, so administrator
            ## logins cross the inside network unencrypted; prefer the https stanza in production.
            http {
                interface reth0.0; ## interface on which web management is reachable
            }
        }
    }
}
## Chassis cluster (HA) settings: redundancy groups and link monitoring.
chassis {
    cluster {
        ## Number of redundant Ethernet (reth) interfaces made available;
        ## this listing defines only reth0 and reth1.
        reth-count 4;
        ## Redundancy group 0: node 0 has the higher priority (100 vs 1).
        redundancy-group 0 {
            node 0 priority 100;
            node 1 priority 1;
        }
        ## Redundancy group 1: the group that reth0 and reth1 are assigned to
        ## in the interfaces stanza; node 0 is again preferred.
        redundancy-group 1 {
            node 0 priority 100;
            node 1 priority 1;
            ## Physical links watched for failure. Every link carries weight 255;
            ## presumably that equals the failover threshold, so losing any single
            ## monitored link fails the group over — confirm for your release.
            interface-monitor {
                fe-0/0/0 weight 255;
                fe-0/0/2 weight 255;
                fe-1/0/0 weight 255;
                fe-1/0/2 weight 255;
            }
        }
    }
}
## Interface layout: one physical port from each slot (fe-0/... and fe-1/...)
## is bundled into each reth interface, and one port per slot carries the
## fabric link.
interfaces {
    fe-0/0/0 {
        fastether-options {
            redundant-parent reth0; ## member of reth0
        }
    }
    fe-0/0/2 {
        fastether-options {
            redundant-parent reth1; ## member of reth1
        }
    }
    fe-1/0/0 {
        fastether-options {
            redundant-parent reth0; ## second member of reth0
        }
    }
    fe-1/0/2 {
        fastether-options {
            redundant-parent reth1; ## second member of reth1
        }
    }
    ## Fabric link endpoints, one per slot.
    ## NOTE(review): this link carries inter-node traffic; keep it on a direct
    ## cable or an isolated VLAN rather than a shared user network.
    fab0 {
        fabric-options {
            member-interfaces {
                fe-0/0/1;
            }
        }
    }
    fab1 {
        fabric-options {
            member-interfaces {
                fe-1/0/1;
            }
        }
    }
    reth0 { ## internal (inside) network interface
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 192.168.8.1/24;
            }
        }
    }
    reth1 { ## external (outside) network interface
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 10.0.0.254/16;
            }
        }
    }
}
## Static default route; the next hop 10.0.0.3 lies inside reth1's
## 10.0.0.254/16 subnet, so all non-local traffic leaves via the external side.
routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.0.0.3;
    }
}
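## Minimal baseline security policy and zone layout.
security {
    policies {
        ## Everything initiated from Trust towards Untrust is permitted.
        ## No Untrust-to-Trust policy is defined in this listing, so that
        ## direction relies on the device's default policy — verify it is deny.
        ## NOTE(review): narrow source-address / application once the
        ## required flows are known.
        from-zone Trust to-zone Untrust {
            policy 1 {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone Untrust {
            ## Traffic addressed to the firewall itself from the external side:
            ## only ping is accepted. any-service / protocols all on this zone
            ## would let the outside network reach every management service and
            ## routing protocol enabled on the device. Add individual services
            ## (for example ike) only when a feature actually needs them.
            host-inbound-traffic {
                system-services {
                    ping;
                }
            }
            interfaces {
                reth1.0; ## external interface
            }
        }
        security-zone Trust {
            ## NOTE(review): the inside zone still accepts every service and
            ## protocol; web management on reth0.0 needs http, so list the
            ## services actually used instead of any-service when hardening.
            host-inbound-traffic {
                system-services {
                    any-service;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                reth0.0; ## internal interface
            }
        }
    }
}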