Juniper vSRX firewall simulator
VMware Workstation 9 virtual machine
Connect to the firewall through the console cable, configure the firewall's management IP address, and enable the SSH service.
Note: if a physical interface is used for the management IP address, the interface must be placed in the corresponding zone.

    [edit]
    root@srx-02# show interfaces | display set | match ge-0/0/0
    set interfaces ge-0/0/0 unit 0 family inet address 192.168.136.12/24

    [edit]
    root@srx-02# show security zones | display set | match ge-0/0/0
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic protocols all

    [edit]
    root@srx-02# show system services | display set | match ssh
    set system services ssh
    set system services netconf ssh

Note: the Telnet service is also enabled here.
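After entering the firewall CLI through the console, configure the root user and a super-user account named lab.

    [edit]
    root@srx-02# set system root-authentication plain-text-password
    New password:
    Retype new password:

Note: the password is hidden as you type; just type it in.

    [edit]
    root@srx-02# set system login user lab class super-user authentication plain-text-password
    New password:
    Retype new password:

As shown in the figure below, after committing the configuration, use the command show | compare to compare and confirm.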
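After committing the configuration from step 2, log in as the lab user. As shown in the figure below, the lab user has logged in successfully. The command "show cli authorization" shows the current user's permissions. For example, when the lab user logs in to the firewall, the permission shown is super-user, that is, the privileges of a super-user administrator.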
View the logged-in user sessions on the firewall. When too many logged-in users are hanging on the firewall, the following commands can be used to remove them.

    root@srx-02> show system users
     9:47AM up 4 days, 2:28, 5 users, load averages: 0.00, 0.02, 0.00
    USER     TTY      FROM             LOGIN@   IDLE  WHAT
    root     v0       -                11Jun17  16    /bin/csh
    lab      p0       192.168.136.1    7:20AM   18    -cli (cli)
    root     p1       192.168.136.1    9:30AM   16    -csh (csh)
    root     p3       192.168.136.1    9:33AM   -     cli
    lab      jweb1    192.168.136.1    7:22AM   2:24

    root@srx-02> request system logout user lab
    logout-user: done

    root@srx-02> show system users
     9:48AM up 4 days, 2:29, 3 users, load averages: 0.03, 0.03, 0.00
    USER     TTY      FROM             LOGIN@   IDLE  WHAT
    root     v0       -                11Jun17  17    /bin/csh
    root     p1       192.168.136.1    9:30AM   18    -csh (csh)
    root     p3       192.168.136.1    9:33AM   -     cli
Use the log messages to view the login records of users. By default, Junos keeps 10 copies of the messages log; the size and number of the log files can be customized.

    root@srx-02> show configuration | display set | match syslog
    set system syslog user * any emergency
    set system syslog file messages any info
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any

Note: the log level for the logs above is info.

    root@srx-02> show log messages | match lab
    Sep 4 09:43:58 srx-02 login: Login attempt for user lab from host 192.168.136.1
    Sep 4 09:43:59 srx-02 login[61729]: LOGIN_INFORMATION: User lab logged in from host 192.168.136.1 on device ttyp2
    Sep 4 09:43:59 srx-02 mgd[61731]: UI_AUTH_EVENT: Authenticated user 'lab' at permission level 'j-super-user'
    Sep 4 09:43:59 srx-02 mgd[61731]: UI_LOGIN_EVENT: User 'lab' login, class 'j-super-user' [61731], ssh-connection '', client-mode 'cli'
    Sep 4 09:45:14 srx-02 mgd[61731]: UI_CMDLINE_READ_LINE: User 'lab', command 'show cli authorization '
    Sep 4 09:45:31 srx-02 mgd[61731]: UI_LOGOUT_EVENT: User 'lab' logout
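The login, command and logout events in the log output above share an mgd PID, so they can be grouped into one record per CLI session for review. The following Python is an added example, not part of the original page; the function names sessions and open_super_user are assumptions, and the sample input is the log output quoted above.

```python
import re

# Log lines copied from the `show log messages | match lab` output on this page.
SAMPLE = """\
Sep 4 09:43:58 srx-02 login: Login attempt for user lab from host 192.168.136.1
Sep 4 09:43:59 srx-02 login[61729]: LOGIN_INFORMATION: User lab logged in from host 192.168.136.1 on device ttyp2
Sep 4 09:43:59 srx-02 mgd[61731]: UI_AUTH_EVENT: Authenticated user 'lab' at permission level 'j-super-user'
Sep 4 09:43:59 srx-02 mgd[61731]: UI_LOGIN_EVENT: User 'lab' login, class 'j-super-user' [61731], ssh-connection '', client-mode 'cli'
Sep 4 09:45:14 srx-02 mgd[61731]: UI_CMDLINE_READ_LINE: User 'lab', command 'show cli authorization '
Sep 4 09:45:31 srx-02 mgd[61731]: UI_LOGOUT_EVENT: User 'lab' logout
"""

# Fields: timestamp, hostname, process, optional [pid], optional EVENT_TAG, message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (\w+)(?:\[(\d+)\])?: (?:([A-Z_]+): )?(.*)$")

def sessions(text):
    """Group mgd UI_* events by PID into one record per CLI login."""
    host_of, by_pid, out = {}, {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unparseable lines
        ts, proc, pid, tag, msg = m.groups()
        if tag == "LOGIN_INFORMATION":  # the login process line carries the source host
            h = re.search(r"User (\S+) logged in from host (\S+)", msg)
            if h:
                host_of[h.group(1)] = h.group(2)
        elif proc == "mgd" and tag == "UI_LOGIN_EVENT":
            u = re.search(r"User '([^']+)' login, class '([^']+)'", msg)
            if u:
                by_pid[pid] = {"user": u.group(1), "class": u.group(2),
                               "host": host_of.get(u.group(1)), "login": ts,
                               "logout": None, "commands": []}
                out.append(by_pid[pid])
        elif tag == "UI_CMDLINE_READ_LINE" and pid in by_pid:
            c = re.search(r"command '(.*)'$", msg)
            if c:
                by_pid[pid]["commands"].append(c.group(1).strip())
        elif tag == "UI_LOGOUT_EVENT" and pid in by_pid:
            by_pid.pop(pid)["logout"] = ts  # close it; the PID may be reused later
    return out

def open_super_user(text):
    """Super-user sessions with no logout event in the log yet."""
    return [s for s in sessions(text)
            if s["class"].endswith("super-user") and s["logout"] is None]

if __name__ == "__main__":
    print(*sessions(SAMPLE), sep="\n")
```

Sessions returned by open_super_user are the ones to compare against show system users before deciding whether to run request system logout.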