juniper防火墙定义策略生效时间
2017-12-06 09:53
155 查看
一般情况下,防火墙策略刷上后立即生效。在无改变情况下,将一直保持生效状态。
但在某些特殊情况下,需要实现在指定时间段内,防火墙策略生效。此时,在juniper防火墙上,可采用调用scheduler进行指定生效时间段。
例子:
1、先定义定时任务:
set schedulers scheduler 20171130 start-date 2017-11-30.16:50 stop-date 2017-12-27.00:00
2、定义正常防火墙策略
set security policies from-zone ESN-Pre-Pr
8c3a
oduction to-zone DCN1-Pre-Production policy IDC-IT_IDC-IT_20171130154134_tnurb match source-address ESN-Pre-Production_IDC-IT_171130154134_brsjz_group
set security policies from-zone ESN-Pre-Production to-zone DCN1-Pre-Production policy IDC-IT_IDC-IT_20171130154134_tnurb match destination-address DCN1-Pre-Production_IDC-IT_171130154134_xqaou_group
set security policies from-zone ESN-Pre-Production to-zone DCN1-Pre-Production policy IDC-IT_IDC-IT_20171130154134_tnurb match application TCP_8019
set security policies from-zone ESN-Pre-Production to-zone DCN1-Pre-Production policy IDC-IT_IDC-IT_20171130154134_tnurb match application junos-icmp-ping
set security policies from-zone ESN-Pre-Production to-zone DCN1-Pre-Production policy IDC-IT_IDC-IT_20171130154134_tnurb then permit
3、防火墙策略调用定时任务
set security policies from-zone ESN-Pre-Production to-zone DCN1-Pre-Production policy IDC-IT_IDC-IT_20171130154134_tnurb scheduler-name 20171130
但在某些特殊情况下,需要实现在指定时间段内,防火墙策略生效。此时,在juniper防火墙上,可采用调用scheduler进行指定生效时间段。
例子:
1、先定义定时任务:
set schedulers scheduler 20171130 start-date 2017-11-30.16:50 stop-date 2017-12-27.00:00
2、定义正常防火墙策略
set security policies from-zone ESN-Pre-Pr
8c3a
oduction to-zone DCN1-Pre-Production policy IDC-IT_IDC-IT_20171130154134_tnurb match source-address ESN-Pre-Production_IDC-IT_171130154134_brsjz_group
set security policies from-zone ESN-Pre-Production to-zone DCN1-Pre-Production policy IDC-IT_IDC-IT_20171130154134_tnurb match destination-address DCN1-Pre-Production_IDC-IT_171130154134_xqaou_group
set security policies from-zone ESN-Pre-Production to-zone DCN1-Pre-Production policy IDC-IT_IDC-IT_20171130154134_tnurb match application TCP_8019
set security policies from-zone ESN-Pre-Production to-zone DCN1-Pre-Production policy IDC-IT_IDC-IT_20171130154134_tnurb match application junos-icmp-ping
set security policies from-zone ESN-Pre-Production to-zone DCN1-Pre-Production policy IDC-IT_IDC-IT_20171130154134_tnurb then permit
3、防火墙策略调用定时任务
set security policies from-zone ESN-Pre-Production to-zone DCN1-Pre-Production policy IDC-IT_IDC-IT_20171130154134_tnurb scheduler-name 20171130
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- ASA防火墙10 定义安全策略
- 关于Juniper 防火墙设备 虚拟路由和策略路由的应用说明
- 教你验证 Juniper ScreenOS防火墙的策略顺序是否有效?
- Juniper老司机经验谈(SRX防火墙NAT与策略篇)视频课程上线了
- Juniper防火墙应用实例之日期时间设置
- Juniper防火墙基于策略NAT实现与接口不同网段公网IP对内网地址的映射
- 定义一个时间类,提供设定时间、显示时间和秒数增加1的功能,其中设定时间的方法需要校验数据的正确性
- linux防火墙,高级策略策略实例详解(实例一)
- Linux防火墙iptables的策略
- 如何通过防火墙策略限制对外扫描行为
- 后台定义方法,前台JS调用设置时间格式
- 在域中设置权威时间服务器并发布时间同步策略
- iOS--app自定义相册--给图片重写exif数据-定义相册时间戳
- Juniper 防火墙端口映射
- 服务之--防火墙策略
- 你好,Oh My Zsh - 社区力量全新方式定义命令行 | 咖啡时间