First, management configuration
1.1 Set the hostname
root@SRX550# set system host-name SRX550
1.2 Set the time zone
root@SRX550# set system time-zone Asia/Shanghai
1.3 Enable the remote management services
set system services ssh
set system services telnet
1.4 Enable web management and allow management from ge-0/0/1
set system services web-management https system-generated-certificate
set system services web-management https interface ge-0/0/1.0
1.5 Configure the SNMP read-write community string
set snmp community xmcyy authorization read-write
Second, user configuration
2.1 Set the root password. On a new device, setting the root password must be the first step.
root@SRX550# set system root-authentication plain-text-password
2.2 Create the user admin with super-user (administrator) privileges
root@SRX550# set system login user admin uid 2000
root@SRX550# set system login user admin class super-user
Third, interface configuration
3.1 Layer 3 interfaces
set interfaces ge-0/0/0 unit 0 family inet address 110.250.250.2/24
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24
3.2 Add ge-0/0/1.0 to the trust zone
set security zones security-zone trust interfaces ge-0/0/1.0
3.3 Add ge-0/0/0.0 to the untrust zone
set security zones security-zone untrust interfaces ge-0/0/0.0
Fourth, routing configuration
4.1 Default route
set routing-options static route 0.0.0.0/0 next-hop 110.250.250.1
4.2 Static route
set routing-options static route 172.16.0.0/24 next-hop 192.168.1.254
Fifth, policy configuration
5.1 Create the application Service_1433 and its corresponding port:
set applications application Service_1433 term Service_1433 protocol tcp
set applications application Service_1433 term Service_1433 source-port 0-65535
set applications application Service_1433 term Service_1433 destination-port 1433-1433
5.2 Create the application set Service_allow and add Service_1433 to it:
set applications application-set Service_allow application Service_1433
5.3 Create the address-book entries
set security zones security-zone trust address-book address 172.16.0.0/24 172.16.0.0/24
set security zones security-zone trust address-book address 172.16.0.253/32 172.16.0.253/32
5.4 Create the address set neiwang_allow and add to it the addresses that are allowed to access the external network
set security zones security-zone trust address-book address-set neiwang_allow address 172.16.0.0/24
5.5 Create the inter-zone policy from trust to untrust
set security policies from-zone trust to-zone untrust policy 1 match source-address neiwang_allow
set security policies from-zone trust to-zone untrust policy 1 match destination-address any
set security policies from-zone trust to-zone untrust policy 1 match application any
set security policies from-zone trust to-zone untrust policy 1 then permit
5.6 Create the inter-zone policy from untrust to trust, allowing access to port 1433 on the internal host 172.16.0.253
set security policies from-zone untrust to-zone trust policy 1 match source-address any
set security policies from-zone untrust to-zone trust policy 1 match destination-address 172.16.0.253/32
set security policies from-zone untrust to-zone trust policy 1 match application Service_allow
set security policies from-zone untrust to-zone trust policy 1 then permit
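The following check is an added example, not part of the original page or of Juniper's tooling: it scans set-format configuration such as the commands in sections 1 and 5 and reports the settings a reviewer would question before commit (Telnet, a read-write SNMP community, and an inbound policy that permits any source address). The function name audit, its outside_zone parameter and the sample text are constructed for illustration; it assumes the outside zone is named untrust, as on this page.

```python
from collections import defaultdict

# Constructed sample: a subset of the set commands shown on this page.
SAMPLE = """\
root@SRX550# set system services ssh
set system services telnet
set snmp community xmcyy authorization read-write
set security policies from-zone trust to-zone untrust policy 1 match source-address neiwang_allow
set security policies from-zone trust to-zone untrust policy 1 match application any
set security policies from-zone trust to-zone untrust policy 1 then permit
set security policies from-zone untrust to-zone trust policy 1 match source-address any
set security policies from-zone untrust to-zone trust policy 1 match destination-address 172.16.0.253/32
set security policies from-zone untrust to-zone trust policy 1 match application Service_allow
set security policies from-zone untrust to-zone trust policy 1 then permit
"""

def audit(config, outside_zone="untrust"):
    """Return review findings for a Junos configuration given in set format."""
    findings = []
    policies = defaultdict(lambda: defaultdict(set))  # (from, to, name) -> field -> values
    for raw in config.splitlines():
        t = raw.split("#", 1)[-1].split()  # drop a leading "user@host#" prompt
        if t[:1] != ["set"]:
            continue
        if t[1:4] == ["system", "services", "telnet"]:
            findings.append("telnet: management logins cross the network in cleartext")
        elif t[1:3] == ["snmp", "community"] and t[4:6] == ["authorization", "read-write"]:
            findings.append(f"snmp: community {t[3]} is read-write")
        elif t[1:4] == ["security", "policies", "from-zone"] and len(t) >= 11 \
                and t[5] == "to-zone" and t[7] == "policy":
            key = (t[4], t[6], t[8])
            if t[9] == "match" and len(t) >= 12:
                policies[key][t[10]].add(t[11])
            elif t[9] == "then":
                policies[key]["then"].add(t[10])
    for (src, dst, name), f in sorted(policies.items()):
        # Flag inbound rules that permit traffic from every source address.
        if src == outside_zone and "permit" in f["then"] and "any" in f["source-address"]:
            findings.append(f"policy {src}->{dst} {name}: any source permitted to "
                            f"{sorted(f['destination-address'])} for {sorted(f['application'])}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```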
Sixth, NAT configuration
Please refer to: Juniper SRX550 NAT firewall configuration