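JUNOS software supports two types of zones:
1. Security zones
2. Functional zones
Notes:
A security zone is a collection of one or more network segments whose inbound and outbound traffic must be regulated through policies. A security zone is a logical entity to which one or more interfaces are bound.
A functional zone is a zone that serves a specific purpose, such as management interfaces. Current JUNOS releases support the management zone.
The SRX firewall's factory-default configuration has two security zones:
1. junos-global zone (mainly used to store static NAT addresses; cannot be deleted by the user)
2. Trust zone (can be deleted by the user)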
netscreen@SRX3600> show security zones type functional
netscreen@SRX3600> show security zones type security
Security zone: junos-global
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 0
Interfaces:
Security zone: trust
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 0
Interfaces:
How to create zones:
1. Create a security zone
netscreen@SRX3600# set security zones security-zone DMZ
2. Create a functional zone
netscreen@SRX3600A# set security zones functional-zone management
3. Commit the configuration so it takes effect
netscreen@SRX3600# commit
4. Verify
netscreen@SRX3600> show security zones DMZ
Security zone: DMZ
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 0
Interfaces:
netscreen@SRX3600> show security zones management
Functional zone: management
Policy configurable: No
Interfaces bound: 0
Interfaces:
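
The verification output above shows "Interfaces bound: 0" for both new zones: creating a zone does not bind any interface to it. The following is an added example, not part of the original page: a Python parser for captured "show security zones" text that lists zones still lacking an interface, skipping the built-in junos-global zone. The function names, the "untrust" zone and the interface name in the sample are assumptions made for illustration.

```python
import re

# Constructed, abridged sample in the page's output layout; "untrust" and ge-0/0/0.0 are made up.
SAMPLE = """\
netscreen@SRX3600> show security zones
Security zone: junos-global
  Interfaces bound: 0
Security zone: DMZ
  Send reset for non-SYN session TCP packets: Off
  Policy configurable: Yes
  Interfaces bound: 0
  Interfaces:
Functional zone: management
  Policy configurable: No
  Interfaces bound: 0
  Interfaces:
Security zone: untrust
  Interfaces bound: 1
  Interfaces:
    ge-0/0/0.0
"""
HEADER = re.compile(r"^(Security|Functional) zone:\s*(\S+)")
PROMPT = re.compile(r"^\S+@\S+[>#]")  # CLI prompt lines such as user@host> ...

def parse_zones(text):
    # Return one dict per zone; unknown "key: value" lines are ignored.
    zones, cur, in_ifaces = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            cur = {"name": m.group(2), "type": m.group(1).lower(),
                   "policy": None, "bound": 0, "interfaces": []}
            zones.append(cur)
            in_ifaces = False
        elif not line or PROMPT.match(line) or cur is None:
            in_ifaces = False  # blank line or prompt ends an interface list
        elif line == "Interfaces:":
            in_ifaces = True   # following lines name the bound interfaces
        elif in_ifaces:
            cur["interfaces"].append(line)
        elif line.startswith("Policy configurable:"):
            cur["policy"] = line.endswith("Yes")
        elif line.startswith("Interfaces bound:"):
            cur["bound"] = int(line.split(":")[1])
    return zones

def unbound_zones(zones):
    # Zones with no interface bound, skipping the built-in junos-global zone.
    return [z["name"] for z in zones if z["bound"] == 0 and z["name"] != "junos-global"]
```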