ÊÕ²ØСվ
Juniper SRX BranchϵÁзÀ»ðǽÅäÖùÜÀíÊÖ²á - ͼÎÄ ÏÂÔر¾ÎÄ

type surf-control-integrated; surf-control-integrated {

profile block-selected-sites { category { News {

action block; }

}

default log-and-permit;

custom-block-message \work! If you have questions, Please contact technical, support This is the Juniper solution!\ } } }

}

utm-policy web_filtering {

web-filtering {

http-profile block-selected-sites; } }

[edit]

root# show security policies from-zone trust to-zone untrust policy t-u match {

source-address any; destination-address any; application any; } then {

permit {

application-services {

utm-policy web_filtering;Õë¶Ô´ËÌõ²ßÂÔ¿ªÆôWEB_Fitering

[edit]

µÚËIJ½£º²é¿´WEB-¹ýÂ˹¦Äܹ¤×÷״̬ÃüÁ

root# run show security utm web-filtering ? Possible completions:

statistics Show web-filtering statistics status Show web-filtering status [edit]

root# run show security utm web-filtering

µÚ 37 Ò³ ¹² 52 Ò³

2.9 SRX Branch ϵÁÐÓëUACÁª¶¯ÅäÖÃ˵Ã÷

JUNIPER SRX BranchϵÁзÀ»ðǽ¿ÉÒÔÓëJuniperͳһ½ÓÈë¿ØÖÆÆ÷UAC½øÐÐ3²ã·ÃÎÊ¿ØÖÆÁª¶¯¹¤×÷,ÏÂÃ潫¾ßÌå½éÉÜUAC¡¢SRXÅäÖÃ,Ö÷Ҫͨ¹ý½ØͼÀ´½øÐÐ˵Ã÷£º Ö÷ÒªÊÂÏ

1¡¢ SRXÓëUACÉ豸ϵͳʱ¼ä±ØÐëÒ»ÖÂ

2¡¢ SRXÉ豸ÓëUACÉ豸֤Êé±ØÐëÀ´×Ôͬһ¸ö¸ùÖ¤Êé°ä·¢

3¡¢ SRXÓëUACÖ®¼äͨ¹ýSSLÁ¬½Ó<Èç¹ûͨ¹ý·À»ðǽ»òÕßACLµÈ¿ØÖÆ>±ØÐ뽫Æä443¶Ë¿Ú·Å¿ª

µÚÒ»²½£ºÉú³É²¢»ñÈ¡UACÉ豸֤Ê飬²¢µ¼ÈëÉ豸֤ÊéºÍ¸ù·þÎñÆ÷Ö¤Êé<ÓÉÓڴ˲Ù×÷ÐèҪͨ¹ýµÚÈý·½Ö¤Êé·þÎñÆ÷À´Íê³É>Ϊ´ËÎÒµ¥¶ÀÓÐWORDÎĵµÀ´½éÉÜ¡£

µÚ¶þ²½£ºÉú³É²¢»ñÈ¡SRXÉ豸֤Êé,¾ßÌå²½ÖèÈçÏ£º

user@host> request security pki generate-key-pair certificate-id uac ÊÖ¹¤Éú³Écertificate-id user@host> request security pki generate-certificate-request certificate-id uac domain-name juniper.net subject CN=abc ÊÖ¹¤Éú³ÉÖ¤ÊéÐÅÏ¢ The following certificate request is displayed in PEM format. Generated certificate request

-----BEGIN CERTIFICATE REQUEST-----

MIHxMIGcAgEAMA4xDDAKBgNVBAMTA2htMTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC QQCbhaiWzmctH0ZDldCn+mSNM62kyiSgc4cmN68U/j9El09/DgGoMNy2y+RYA1xU sr4B0NedGrZZJx5L1sIYjHr/AgMBAAGgKTAnBgkqhkiG9w0BCQ4xGjAYMBYGA1Ud EQQPMA2CC2p1bmlwZXIubmV0MA0GCSqGSIb3DQEBBQUAA0EAleLR6Hp2ity8Dugs MW4HI6SxfwMc2eYM5Nj2UhwpEEpsce77dUBZriKdehAgli7vwNsHGIuhHjEaFzfO hpM3tA==

-----END CERTIFICATE REQUEST----- ͨ¹ýwindowsÖ¤Êé·þÎñÆ÷»òÕßOPENSSLÉú³É²¢»ñÈ¡Ö¤Êé Fingerprint:

9e:d5:7d:44:e8:e7:b6:d7:4b:58:d4:4e:2b:fb:c6:b2:4b:b7:8b:82 (sha1) b0:8d:c7:6d:41:d5:58:61:dc:a0:3e:4e:d6:39:02:d7 (md5)

user@host> request security pki local-certificate load certificate-id uac filename /var/tmp/device.cer ÊÖ¹¤¼ÓÔØÖ¤Êéµ½É豸

´ËÖ¤ÊéÊÇͨ¹ýÖ¤Êé·þÎñÆ÷Éú³ÉºóÓÉFTPµÈ·½Ê½´«Èëµ½É豸ÖС£

lab# run show security pki local-certificate detail ²é¿´µ±Ç°Ö¤ÊéÐÅÏ¢ Certificate identifier: uac Certificate version: 3

Serial number: 61069676000000000006 Issuer:

Common name: srx \\\\\\*** ²¿·ÖÏÔʾÐÅϢʡÂÔ***\\\\\\\\

µÚÈý²½£ºÅäÖÃUACÉ豸Infranet enforcer connection,¸ù¾Ý½ØͼÅäÖò½ÖèÈçÏ£º

µÚ 38 Ò³ ¹² 52 Ò³

¶¨ÒåInfranet enforcer connectionÁ¬½Ó²ÎÊý<É豸ÐòÁкš¢¹²ÏíÃÜÔ¿µÈ>

¶¨ÒåResource ÄÚ²¿×ÊÔ´

¶¨ÒåÈÏÖ¤ÁбíÆ¥Åäµ½µÄenforcer

µÚ 39 Ò³ ¹² 52 Ò³

¶¨Òåroles <×¢Òâ enable host enforcerÑ¡Ïî>

¶¨ÒåHost enforcer policys

¿Í»§¶Ë³¢ÊԵǽ,ÊäÈëÓû§ÃûºÍÃÜÂë

µÚ 40 Ò³ ¹² 52 Ò³

WordÎĵµÏÂÔØ£ºJuniper SRX BranchϵÁзÀ»ðǽÅäÖùÜÀíÊÖ²á .doc
ËÑË÷¸ü¶à:Juniper SRX BranchϵÁзÀ»ðǽÅäÖùÜÀíÊÖ²á


×îÐÂä¯ÀÀ


ÈÈÃÅä¯ÀÀ
All rights reserved Powered by ÄϾ©Áλª´ð°¸Íø¡¡
×ÊÁÏÀ´×Ô»¥ÁªÍø£¬ ÓÐÈκÎÒÉÎÊ£¬ÇëÁªÏµ¿Í·þ£º779662525☒qq.com ËÕICP±¸20003344ºÅ-2