Juniper CX111 Manual Page 10

10 Copyright © 2010, Juniper Networks, Inc.
APPLICATION NOTE - Configuring the CX111 for J Series and Branch SRX Series Devices
interface
/* Security Zones */
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp
set security zones security-zone trust host-inbound-traffic system-services ping
set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services dhcp
set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services ssh
/* Allow outbound traffic from trust to untrust */
set security policies from-zone trust to-zone untrust policy permit-outbound match source-address any
set security policies from-zone trust to-zone untrust policy permit-outbound match destination-address any
set security policies from-zone trust to-zone untrust policy permit-outbound match application any
set security policies from-zone trust to-zone untrust policy permit-outbound then permit
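The following is an added example, not part of the Juniper application note: a short Python audit that parses the zone statements above and reports which host-inbound system services each zone or interface accepts, so exposure on the untrust side can be reviewed before deployment. The function names and the `MGMT_SERVICES` review list are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Zone statements from the configuration above, embedded so the script runs offline.
CONFIG = """\
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp
set security zones security-zone trust host-inbound-traffic system-services ping
set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services dhcp
set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services ssh
"""

# Assumption: services a reviewer would not expect on an Internet-facing zone.
MGMT_SERVICES = {"ssh", "telnet", "http", "https", "snmp", "netconf", "all"}

LINE_RE = re.compile(
    r"^set security zones security-zone (?P<zone>\S+)"
    r"(?: interfaces (?P<ifname>\S+))?"
    r" host-inbound-traffic system-services (?P<svc>\S+)$"
)

def parse_host_inbound(config):
    """Return {(zone, interface or None): set of system-services}."""
    allowed = defaultdict(set)
    for line in config.splitlines():
        m = LINE_RE.match(" ".join(line.split()))
        if m:
            allowed[(m["zone"], m["ifname"])].add(m["svc"])
    return dict(allowed)

def effective_services(allowed, zone, ifname):
    """Interface-level host-inbound-traffic overrides the zone-level list."""
    return allowed.get((zone, ifname), allowed.get((zone, None), set()))

def flag_exposed(allowed, external_zones=("untrust",)):
    """List (zone, interface, service) where a management service faces an external zone."""
    return sorted(
        (zone, ifname or "<zone>", svc)
        for (zone, ifname), svcs in allowed.items()
        if zone in external_zones
        for svc in svcs & MGMT_SERVICES
    )

if __name__ == "__main__":
    table = parse_host_inbound(CONFIG)
    print("management services on untrust:", flag_exposed(table) or "none")
```

For the configuration shown, the untrust interfaces accept only ping and dhcp, so nothing is flagged; ssh is reachable only on vlan.1 in the trust zone.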
Detecting Network Failures Using RPM Probes
Although quite simple, our previous example presents a major drawback—the primary interface’s status is not always
a good indicator of the network’s connectivity. In some instances, when layer 2 protocols are not able to detect end-
to-end failures, or when multiple network hops separate the Juniper Networks SRX210 Services Gateway from remote
resources, other means to trigger a failover are desired.
This example shows how to configure a set of watch prefixes which, when they are not present in the routing table, will
enable the dialer interface. Static routes with Bidirectional Forwarding Detection (BFD) monitoring or routing protocols
can be used to dynamically change the status of the routes in the routing table.
The main advantage of this approach is that real-time performance monitoring (RPM) probes do not require any
special routing protocol support or the use of BFD. RPM probes can be configured to use standard Internet Control
Message Protocol (ICMP) messages, HTTP get requests, or TCP/UDP pings to verify end-to-end connectivity. The RPM
monitor scripts can be downloaded from the following URL: www.juniper.net/support/products/cx/#sw
Figure 5: Prefix watch
[Diagram: an SRX210 in the office (trust zone, 10.0.1.0/24) reaches an SRX Series cluster in the data center (Apps, Video, Finance, Data) over the WAN and the Internet. Annotations: the default route points to the dl0.0 interface; dl0.0 monitors the 10/8 prefix; the 10/8 prefix is advertised through OSPF.]