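Friday, January 3, 2014

Juniper vSRX (Juniper SRX virtual machine)

Following Olive, Juniper has released a vSRX virtual machine for trial use. The most recent version seen online is

12.1X44-D20. The lab below uses junos-vsrx-12.1X44-D10.4-domestic.ova.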







You can load it as a guest OS using VMware software.
Since it is a Juniper SRX emulator, the initial setup can only be done by connecting through the COM port.


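The boot screen is much the same as Olive's. The difference is that the traditional Olive is a router emulator, while vSRX is a firewall emulator. After boot you can log in directly as root with no password. The next step is to set the root password with the following command: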

set system root-authentication plain-text-password 

If you have never used Junos, you can refer to the Chinese manual below to learn about the Juniper Junos operating system.


You can also use start shell to drop to the underlying OS and edit loader.conf so that vSRX supports screen display.

vi  /boot/loader.conf

Change the original console setting console="comconsole" to console="vidconsole", as shown below:

root@% vi /boot/loader.conf 

kernel="/kernel"
bootfile="/kernel;/kernel.old"
autoboot_delay="2"
console="vidconsole"
libmbpool_load="YES"
if_em_vjx_load="YES"
kern.maxusers="16"
kern.maxfiles="1500"
kern.ipc.nmbclusters="640"
kern.maxdsiz="1073741824"
kern.lockable_mem_ratio="1"
kern.lapic_timer_use_hz="1"
kern.aps_lapic_timer_interrupt_enable="0"
kern.bsp_handle_all_interrupts="1"
kern.hz="500"
retype="129"
machdep.hyperthreading_allowed="1"














Alternatively, configure an IP address directly and connect via web or ssh.

The configuration after setting the root password and the ge-0/0/0 IP:

root> show configuration | display set 
set version 12.1X44.4
set system root-authentication encrypted-password "$1$A0TymRZw$VZAOq32ZmadEQCfksmp.m."
set system login user juniper uid 100
set system login user juniper class super-user
set system login user juniper authentication encrypted-password "$1$E/kbFUN8$MytyvxTbYA29DY5v2kZ7X1"
set system services ssh
set system services web-management http interface ge-0/0/0.0
set system syslog user * any emergency
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.100/24
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood queue-size 2000
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies from-zone untrust to-zone trust policy default-deny match source-address any
set security policies from-zone untrust to-zone trust policy default-deny match destination-address any
set security policies from-zone untrust to-zone trust policy default-deny match application any
set security policies from-zone untrust to-zone trust policy default-deny then deny
set security zones security-zone trust tcp-rst
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services http
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust screen untrust-screen

root> show version
Model: junosv-firefly
JUNOS Software Release [12.1X44-D10.4]

root> 
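
Added example, not part of the original post: the lab configuration above serves J-Web over plain HTTP, allows telnet and http into the trust zone, and stores passwords as $1$ (MD5-crypt) hashes. This Python sketch audits `show configuration | display set` output for those management-plane settings before a lab config is reused elsewhere; the rule set, the function names and the sample hashes are assumptions made for this example.

```python
import re

# Rule set chosen for this example (an assumption, not a Juniper checklist).
RULES = [
    ("cleartext-webui", r"^set system services web-management http(\s|$)",
     "J-Web served over plain HTTP"),
    ("cleartext-service", r"^set system services telnet(\s|$)",
     "telnet daemon enabled"),
    ("cleartext-inbound", r"host-inbound-traffic system-services (telnet|http)$",
     "zone accepts a cleartext management protocol"),
    ("md5-crypt-hash", r'encrypted-password "\$1\$',
     "password stored as MD5-crypt ($1$)"),
]

def redact(line):
    """Replace any quoted crypt hash so findings can be shared safely."""
    return re.sub(r'"\$[^"]*"', '"<hash>"', line)

def audit(config_text):
    """Return (rule_id, detail) findings for `display set` formatted config."""
    lines = [l.strip() for l in config_text.splitlines()]
    lines = [l for l in lines if l.startswith("set ")]
    findings = []
    for line in lines:
        for rule_id, pattern, why in RULES:
            if re.search(pattern, line):
                findings.append((rule_id, f"{why}: {redact(line)}"))
    # A freshly booted vSRX lets root log in with no password until this is set.
    if not any(l.startswith("set system root-authentication ") for l in lines):
        findings.append(("root-no-password", "no root-authentication statement"))
    return findings

# Constructed sample: same statements as the lab config, with placeholder hashes.
SAMPLE = r'''
set system root-authentication encrypted-password "$1$CONSTRUCTED$placeholder-root-hash"
set system login user juniper authentication encrypted-password "$1$CONSTRUCTED$placeholder-user-hash"
set system services ssh
set system services web-management http interface ge-0/0/0.0
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services http
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet
'''

if __name__ == "__main__":
    for rule_id, detail in audit(SAMPLE):
        print(f"[{rule_id}] {detail}")
```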




It is a 30-day trial. If you want to learn SRX, this is a good place to start.