juniper网络策略使用目标地址排除

Others 2021-11-18 09:49:15 views: null

需求:10.132.0.0/16 需要访问互联网,但是又不想让他访问公司其它网段 10.0.0.0/8

思路:使用destination-address-excluded来实现

实现命令脚本:

set security policies from-zone TEST to-zone Core_SW policy TEST-PASS_WWW match source-address ip_10.132.0.0/16

set security policies from-zone TEST to-zone Core_SW policy TEST-PASS_WWW match destination-address ip_10.0.0.0/8

set security policies from-zone TEST to-zone Core_SW policy TEST-PASS_WWW match destination-address-excluded

set security policies from-zone TEST to-zone Core_SW policy TEST-PASS_WWW match application tcp1-65535

set security policies from-zone TEST to-zone Core_SW policy TEST-PASS_WWW match application udp1-65535

set security policies from-zone TEST to-zone Core_SW policy TEST-PASS_WWW then permit

#不能访问10.0.0.0的地址,其它的都可以访问,比如说可以访问互联网。

Guess you like

Origin blog.csdn.net/netlt/article/details/121286271
Recommended
Ranking
How cascading public network servers and network companies with free softether, forming a network penetration
axios package
C implementation creates multiple txt file and named to the natural numbers, then the resulting decimal data written txt file
ctfhub技能树 信息泄露 目录遍历 PHPINFO 备份文件下载
The real version of graduation = #"Massey University graduation certificate in New Zealand" is exactly the same as the original MQU certificate
Examples of simple web application architecture
MATLAB graphics drawing-polar and logarithmic images
java里的this和super关键字使用(附代码实例操作)
Markdown을 사용하여 다양한 플랫폼과 호환되고 보기 쉽고 매우 아름다운 Readme 또는 기사를 작성하는 방법은 무엇입니까? 자세한 그림, 도구, 예제가 포함된 템플릿이 첨부되어 있습니다.
What does java startup hardcode correspond to?
Daily
More
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)
2024-04-17(31)
2024-04-16(23)
2024-04-15(5)
2024-04-14(0)

Code World

© 2018 codetd.com