juniper

详细日志的关键字可以通过https://apps.juniper.net/syslog-explorer/查询 查询日志可通过命令show log XXX显示 ，其中XXX为文件名 set security log mode stream set security log report 为了记录日志发生时间的准确性，建议首先设置好ntp服务器 set system ntp server cn.pool.ntp.org 记录接口up down状态 set system syslog file interfaces-logs any any set system syslog file interfaces-logs match ifOperStatus VPN日志记录 set system syslog file kmd-logs daemon info set system syslog file kmd-logs match KMD 用户命令执行记录 set system syslog file interactive-commands interactive-commands any 用户认证记录（所有） set system syslog file auth.log authorization info 用户认证成功记录 set system syslog file auth

配置SRX100 b双机热备HA心得：厂商指定F0/0/7-控制接口，F0/0/6-设备管理接口 1、配置 Cluster id 和 Node id set chassis cluster cluster-id 1 node 0 reboot set chassis cluster cluster-id 1 node 1 reboot 注：node越小，级别越高，为主设备。另外，需要先把接口删除，否则重启后不能进入configure模式。 2、配置控制接口和数据接口，数据这里接口我这里自己指定为F0/0/2 控制接口系统默认指定F0/0/7，不需要配置，直接2台设备F0/0/7互联就行。 set interfaces fab0 fabric-options member-interfaces fe-0/0/2 set interfaces fab1 fabric-options member-interfaces fe-1/0/2 注：数据接口不用配置ip 3、每个机箱的个性化配置 ： set groups node0 system host-name SRX-A set groups node0 interfaces fxp0 unit 0 family inet address 192.168.100.100/24 #####主设备的管理ip set groups node1

配置SRX100 b双机热备HA心得：厂商指定F0/0/7-控制接口，F0/0/6-设备管理接口 1、配置 Cluster id 和 Node id set chassis cluster cluster-id 1 node 0 reboot set chassis cluster cluster-id 1 node 1 reboot 注：node越小，级别越高，为主设备。另外，需要先把接口删除，否则重启后不能进入configure模式。 2、配置控制接口和数据接口，数据这里接口我这里自己指定为F0/0/2 控制接口系统默认指定F0/0/7，不需要配置，直接2台设备F0/0/7互联就行。 set interfaces fab0 fabric-options member-interfaces fe-0/0/2 set interfaces fab1 fabric-options member-interfaces fe-1/0/2 注：数据接口不用配置ip 3、每个机箱的个性化配置 ： set groups node0 system host-name SRX-A set groups node0 interfaces fxp0 unit 0 family inet address 192.168.100.100/24 #####主设备的管理ip set groups node1

JunOS has strong flexibility on many features. One of them is logging. It support flexible logging options. This post summarizes some concepts I learned from my work and studying. 1.Understand Juniper SRX logging Type: 1.1 System Logging Junos OS supports configuring and monitoring of system log messages (also called syslog messages). You can configure files to log system messages and also assign attributes, such as severity levels, to messages. Reboot requests are recorded to the system log files, which you can view with the show log command. SRX Series devices can send system log messages

The SRX340 Services Gateway has a capacity of 3 gigabits per second (Gbps) and is 1 rack unit (U) tall. This services gateway has eight 1 G Ethernet ports, eight 1 G SFP ports, one management port, 4 GB of DRAM memory, 8 GB of flash memory, and four Mini-Physical Interface Module (Mini-PIM) slots. SRX 340 Front Panel SRX 340 Back Panel The connection is a little different from SRX 240 and 1400. Here are some related posts: Configure SRX 240 cluster Step by Step Juniper SRX 240 Chassis Cluster (High Availability) Configuration Configure High End Juniper SRX 1400 as Chassis Cluster Steps Juniper

In previous post Juniper UAC Appliance IC4500 Step by Step Configuration (Part 1) , it describes the steps how to do basic set up to get user authenticated by UAC and how to configure UAC device interacting with SRX enforcer. Here iss part 2. It will show how to set up the authentication with certifications rather than local UAC users, and get to know the steps how to let SRX and UAC work together to allow the resources to be accessed by users. More related posts list in the following links in this blog: Juniper UAC Appliance IC4500 Step by Step Configuration (Part 1) Juniper UAC Appliance

If not sure what is Juniper UAC Products, Here is the URL for review http://www.juniper.net/us/en/products-services/security/uac/ic4500/ Actually there is similar Juniper Secure Access / SSL vpn product introduced before here. Just recently configured an IC4500 to implementation access control. Here is some steps to share out. Hopefully it can save some others time for their task. Juniper UAC Appliance IC4500 Step by Step Configuration (Part 1) Juniper UAC Appliance IC4500 Step by Step Configuration (Part 2) – Certificates based Authentication Pulse Secure (formerly Juniper Pulse) – UAC

An Intrusion Detection and Prevention (IDP) policy lets you selectively enforce various attack detection and prevention techniques on the network traffic passing through your SRX Series. The SRX Series offer the same set of IDP signatures that are available on Juniper Networks IDP Series Intrusion Detection and Prevention Appliances to secure networks against attacks. The basic IDP configuration involves the following tasks: Download and install the IDP license. Download and install the signature database—You must download and install the IDP signature database. The signature databases are