Basic configuration of the Juniper SRX550 firewall

1. System management configuration

All commands below are entered in configuration mode (enter it with the configure command) and take effect only after commit.

1.1 Hostname

root@SRX550# set system host-name SRX550

1.2 Time zone

root@SRX550# set system time-zone Asia/Shanghai

1.3 Enable remote access services

set system services ssh
set system services telnet

Telnet sends the login name and password in cleartext. On a production device keep SSH only and leave the telnet line out.

1.4 Enable HTTPS web management (J-Web) and restrict it to ge-0/0/1.0

set system services web-management https system-generated-certificate
set system services web-management https interface ge-0/0/1.0

The system-generated certificate is self-signed, so browsers cannot verify it and anyone on the path could present their own; for production use load a certificate issued by your own CA. Binding the service to ge-0/0/1.0 (the inside interface from section 3) keeps it off the untrust side.

1.5 Configure an SNMP community with read-write authorization

set snmp community xmcyy authorization read-write

SNMPv1/v2c community strings travel in cleartext, and a read-write community lets anyone who learns it change the device configuration. Use read-only unless writes are really needed, limit the community to the monitoring hosts with the clients statement, or use SNMPv3.

2. User configuration

2.1 Set the root password. This is the first step on a new device: Junos refuses to commit a configuration that has no root-authentication.

root@SRX550# set system root-authentication plain-text-password

The CLI prompts for the password twice and stores only its hash.

2.2 Create the user admin with super-user privileges

root@SRX550# set system login user admin uid 2000
root@SRX550# set system login user admin class super-user

Give the account a credential as well, with the authentication plain-text-password statement under the same user (it prompts like the root command above); an account with no authentication statement cannot log in with a password.
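As an added check (example code written for this page, not the article's own or Juniper's), the following Python script reads the set statements from sections 1.3 to 2.2 and reports what a reviewer would push back on: telnet enabled, the self-signed J-Web certificate, a read-write SNMP community with no client restriction, and an admin account without any credential. The hardened variant it compares against is an assumption of mine: it expects a locally installed certificate named jweb-cert, treats 192.168.1.0/24 as the management subnet for SNMP clients, and carries a placeholder password hash rather than a real one.

```python
"""Flag weak management-plane settings in Junos 'set'-style configuration.

Added example, not from the original article or from Juniper. It reads the
'set ...' statements of sections 1 and 2 and reports what a reviewer would
raise. Both configurations are constructed sample input: PAGE_CONFIG mirrors
the article, HARDENED_CONFIG is a corrected variant of the same settings.
"""

PAGE_CONFIG = """\
set system host-name SRX550
set system time-zone Asia/Shanghai
set system services ssh
set system services telnet
set system services web-management https system-generated-certificate
set system services web-management https interface ge-0/0/1.0
set snmp community xmcyy authorization read-write
set system login user admin uid 2000
set system login user admin class super-user
"""

# Hardened variant (assumed, not from the article): ssh only, J-Web on a locally
# installed certificate, read-only SNMP limited to the management subnet, and a
# credential on the admin account (the hash is a placeholder, not a real one).
HARDENED_CONFIG = """\
set system host-name SRX550
set system time-zone Asia/Shanghai
set system services ssh protocol-version v2
set system services web-management https local-certificate jweb-cert
set system services web-management https interface ge-0/0/1.0
set snmp community xmcyy authorization read-only
set snmp community xmcyy clients 192.168.1.0/24
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "$6$placeholder$hash"
"""


def parse_set(config):
    """Return each 'set ...' line as a token list without the leading 'set'."""
    return [line.split()[1:] for line in config.splitlines() if line.startswith("set ")]


def has(stmts, *prefix):
    """True if any statement starts with the given tokens (exact token match)."""
    return any(s[: len(prefix)] == list(prefix) for s in stmts)


def audit_management(config):
    """Return a list of findings; an empty list means nothing to raise."""
    stmts = parse_set(config)
    findings = []
    if has(stmts, "system", "services", "telnet"):
        findings.append("telnet: enabled; credentials cross the wire in cleartext, keep ssh only")
    if has(stmts, "system", "services", "web-management", "http"):
        findings.append("jweb: plain http enabled")
    if has(stmts, "system", "services", "web-management", "https"):
        if not has(stmts, "system", "services", "web-management", "https", "interface"):
            findings.append("jweb: https not bound to an interface, so it listens on every interface")
        if has(stmts, "system", "services", "web-management", "https", "system-generated-certificate"):
            findings.append("jweb: self-signed system-generated certificate, clients cannot verify it")
    # One pass per SNMP community: authorization level and client restriction.
    for name in sorted({s[2] for s in stmts if s[:2] == ["snmp", "community"] and len(s) > 2}):
        if has(stmts, "snmp", "community", name, "authorization", "read-write"):
            findings.append(f"snmp: community {name!r} is read-write; v2c strings are cleartext and give write access")
        if not has(stmts, "snmp", "community", name, "clients"):
            findings.append(f"snmp: community {name!r} accepts queries from any client, add a clients list")
    # Every local login user needs an authentication statement to be usable.
    for user in sorted({s[3] for s in stmts if s[:3] == ["system", "login", "user"] and len(s) > 3}):
        if not has(stmts, "system", "login", "user", user, "authentication"):
            findings.append(f"login: user {user!r} has no authentication statement")
    return findings


if __name__ == "__main__":
    for label, cfg in (("article", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, "findings:", audit_management(cfg) or "none")
```

Run against the article's statements it reports five findings (telnet, the self-signed certificate, the read-write and unrestricted community, and the admin account without a credential); the hardened variant reports none. The local-certificate statement only commits if a certificate of that name has been loaded under security certificates local.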


3. Interface configuration

3.1 Layer 3 interface addresses

set interfaces ge-0/0/0 unit 0 family inet address 110.250.250.2/24
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24

3.2 Add ge-0/0/1.0 to the trust zone

set security zones security-zone trust interfaces ge-0/0/1.0

3.3 Add ge-0/0/0.0 to the untrust zone

set security zones security-zone untrust interfaces ge-0/0/0.0

A custom zone accepts no traffic addressed to the device itself until host-inbound-traffic system-services is configured for the zone or the interface, so the SSH and J-Web services from section 1 are only reachable through ge-0/0/1.0 once the trust zone permits them. Leave the untrust zone without such a statement so that management is not exposed to the outside.

4. Routing configuration

4.1 Default route

set routing-options static route 0.0.0.0/0 next-hop 110.250.250.1

4.2 Static route to the internal network 172.16.0.0/24 via the downstream router 192.168.1.254. Because that next hop is reached through ge-0/0/1.0, traffic to 172.16.0.0/24 is placed in the trust zone, which the address-book entries in section 5 rely on.

set routing-options static route 172.16.0.0/24 next-hop 192.168.1.254

5. Policy configuration

5.1 Create a custom application Service_1433 for TCP destination port 1433:

set applications application Service_1433 term Service_1433 protocol tcp
set applications application Service_1433 term Service_1433 source-port 0-65535
set applications application Service_1433 term Service_1433 destination-port 1433-1433

The source-port 0-65535 term is the default and can be omitted; destination-port 1433-1433 can also be written as 1433.

5.2 Create an application set Service_allow and add Service_1433 to it:

set applications application-set Service_allow application Service_1433

5.3 Create address-book entries in the trust zone (each entry is named after its prefix here; that is a naming convention, not a requirement):

set security zones security-zone trust address-book address 172.16.0.0/24 172.16.0.0/24
set security zones security-zone trust address-book address 172.16.0.253/32 172.16.0.253/32

5.4 Create an address set neiwang_allow ("neiwang" means internal network) and add the addresses that are allowed to reach the outside:

set security zones security-zone trust address-book address-set neiwang_allow address 172.16.0.0/24

5.5 Policy from trust to untrust: hosts in neiwang_allow may open any application to any destination

set security policies from-zone trust to-zone untrust policy 1 match source-address neiwang_allow
set security policies from-zone trust to-zone untrust policy 1 match destination-address any
set security policies from-zone trust to-zone untrust policy 1 match application any
set security policies from-zone trust to-zone untrust policy 1 then permit

Policies within a from-zone/to-zone pair are evaluated top-down and the first match wins; a session that matches no policy is dropped by the default deny. Because the policy matches application any, it also permits outbound protocols you may not want; tighten it to an application set once the required services are known.

5.6 Policy from untrust to trust allowing access from anywhere to 172.16.0.253 on TCP 1433

set security policies from-zone untrust to-zone trust policy 1 match source-address any
set security policies from-zone untrust to-zone trust policy 1 match destination-address 172.16.0.253/32
set security policies from-zone untrust to-zone trust policy 1 match application Service_allow
set security policies from-zone untrust to-zone trust policy 1 then permit

The destination-address must be the exact name of the address-book entry (172.16.0.253/32 as defined in 5.3); a name that does not exist in the trust zone's book makes the commit fail. 172.16.0.253 is a private address, so reaching it from untrust also requires the destination NAT from section 6: security policies are looked up after destination NAT and therefore match on the real internal address, not the public one. Opening SQL Server port 1433 to source-address any is a large exposure; restrict the source to an address set of the clients that actually need it.
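To see what the policies in 5.5 and 5.6 actually permit, here is an added example (my own Python, not the article's or Juniper's code) that parses the address books, address sets, custom applications and policies from sections 3 and 5 into a model, checks that every address a policy names exists in the right zone's book (the check commit performs), and evaluates candidate flows with SRX semantics: top-down, first match, default deny. It simplifies in two ways that are assumptions of the example: the zones of a flow are given directly instead of being derived from the ingress interface and a route lookup, and only custom applications are modelled, not the predefined junos-* ones.

```python
"""Evaluate SRX zone policies from 'set'-style configuration (added example, not the
article's or Juniper's code): top-down first-match evaluation with a default deny.
POLICY_CONFIG is constructed sample input copied from sections 3 and 5."""
import ipaddress

POLICY_CONFIG = """\
set applications application Service_1433 term Service_1433 protocol tcp
set applications application Service_1433 term Service_1433 source-port 0-65535
set applications application Service_1433 term Service_1433 destination-port 1433-1433
set applications application-set Service_allow application Service_1433
set security zones security-zone trust address-book address 172.16.0.0/24 172.16.0.0/24
set security zones security-zone trust address-book address 172.16.0.253/32 172.16.0.253/32
set security zones security-zone trust address-book address-set neiwang_allow address 172.16.0.0/24
set security policies from-zone trust to-zone untrust policy 1 match source-address neiwang_allow
set security policies from-zone trust to-zone untrust policy 1 match destination-address any
set security policies from-zone trust to-zone untrust policy 1 match application any
set security policies from-zone trust to-zone untrust policy 1 then permit
set security policies from-zone untrust to-zone trust policy 1 match source-address any
set security policies from-zone untrust to-zone trust policy 1 match destination-address 172.16.0.253/32
set security policies from-zone untrust to-zone trust policy 1 match application Service_allow
set security policies from-zone untrust to-zone trust policy 1 then permit
"""

def build_model(config):
    """Parse 'set' lines into address books, applications and ordered policies."""
    m = {"apps": {}, "app_sets": {}, "books": {}, "addr_sets": {}, "policies": {}}
    for line in config.splitlines():
        s = line.split()[1:]  # tokens after the leading 'set'
        if s[:2] == ["applications", "application"]:
            # applications application NAME term TERM KEY VALUE; source-port keeps its default
            term = m["apps"].setdefault(s[2], {}).setdefault(s[4], {"proto": None, "dport": (0, 65535)})
            if s[5] == "protocol":
                term["proto"] = s[6]
            elif s[5] == "destination-port":
                lo, _, hi = s[6].partition("-")
                term["dport"] = (int(lo), int(hi or lo))
        elif s[:2] == ["applications", "application-set"]:
            m["app_sets"].setdefault(s[2], []).append(s[4])
        elif s[:3] == ["security", "zones", "security-zone"] and s[4:5] == ["address-book"]:
            if s[5] == "address":  # address-book address NAME PREFIX
                m["books"].setdefault(s[3], {})[s[6]] = ipaddress.ip_network(s[7])
            else:                  # address-book address-set SET address NAME
                m["addr_sets"].setdefault(s[3], {}).setdefault(s[6], []).append(s[8])
        elif s[:2] == ["security", "policies"]:
            # security policies from-zone F to-zone T policy NAME (match KEY VALUE | then ACTION)
            plist = m["policies"].setdefault((s[3], s[5]), [])
            pol = next((p for p in plist if p["name"] == s[7]), None)
            if pol is None:
                pol = {"name": s[7], "source-address": [], "destination-address": [], "application": [], "action": None}
                plist.append(pol)
            if s[8] == "match":
                pol[s[9]].append(s[10])
            else:
                pol["action"] = s[9]
    return m

def resolve_address(m, zone, name):
    """Expand 'any', an address-book entry or an address-set of the given zone."""
    if name in ("any", "any-ipv4"):
        return [ipaddress.ip_network("0.0.0.0/0")]
    if name in m["books"].get(zone, {}):
        return [m["books"][zone][name]]
    members = m["addr_sets"].get(zone, {}).get(name)
    if members is None:
        raise KeyError(f"address {name!r} is not defined in the {zone!r} address book")
    return [n for member in members for n in resolve_address(m, zone, member)]

def application_matches(m, name, proto, dport):
    """True if the application or application-set covers this protocol and port."""
    if name == "any":
        return True
    if name in m["app_sets"]:
        return any(application_matches(m, a, proto, dport) for a in m["app_sets"][name])
    return any(t["proto"] == proto and t["dport"][0] <= dport <= t["dport"][1]
               for t in m["apps"][name].values())

def check_references(m):
    """Commit-style check: every address a policy names must exist in that zone's book."""
    errors = []
    for (fz, tz), plist in m["policies"].items():
        for pol in plist:
            for zone, key in ((fz, "source-address"), (tz, "destination-address")):
                for name in pol[key]:
                    try:
                        resolve_address(m, zone, name)
                    except KeyError as e:
                        errors.append(f"policy {pol['name']} {fz}->{tz}: {e.args[0]}")
    return errors

def evaluate(m, from_zone, to_zone, src_ip, dst_ip, proto, dport):
    """Return (action, policy name) for a flow; unmatched flows hit the default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for pol in m["policies"].get((from_zone, to_zone), []):
        if (any(src in n for a in pol["source-address"] for n in resolve_address(m, from_zone, a))
                and any(dst in n for a in pol["destination-address"] for n in resolve_address(m, to_zone, a))
                and any(application_matches(m, a, proto, dport) for a in pol["application"])):
            return pol["action"], pol["name"]
    return "deny", "default-deny"
```

With model = build_model(POLICY_CONFIG), evaluate(model, "untrust", "trust", "198.51.100.7", "172.16.0.253", "tcp", 1433) returns ("permit", "1"), while the same flow to port 3389, over UDP, or to another trust host falls through to ("deny", "default-deny"); outbound, 172.16.0.10 is permitted by 5.5 but 192.168.1.50 is not, because only neiwang_allow is matched. Building the model with the 5.6 destination written as 172.16.0.253 instead of 172.16.0.253/32 makes check_references report the undefined address, which is the error commit would give. The source addresses 198.51.100.7 and 203.0.113.9 in the checks are documentation-range placeholders.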

6. NAT configuration

See the separate article: Juniper SRX550 NAT firewall configuration.


Source: blog.51cto.com/feiyuer/2426518