Hi…
This time we will try a simple firewall filtering lab on a Juniper router. The goal is that PC1 cannot reach the WEB Server and the FTP Server, by blocking all of its access.
The firewall configuration is as follows:
root@R1# set firewall filter FILTER-IN term BLOCK-ALL from source-address 10.0.2.2/32
root@R1# set firewall filter FILTER-IN term BLOCK-ALL then discard
root@R1# set firewall filter FILTER-IN term ALLOW-OTHERS then accept
Next, we apply the filter in the output direction on the R1 interface that leads to the WEB Server and the FTP Server:
root@R1# set interfaces em1 unit 0 family inet filter output FILTER-IN
To test it, ping the WEB and FTP Server from PC1, then compare the result with a ping from PC2 to the WEB and FTP Server.
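The expected result of this test can be modelled offline. The Python sketch below is an added example, not part of the original lab: it evaluates FILTER-IN term by term with first-match semantics and shows that without the ALLOW-OTHERS term only the implicit discard at the end of a Junos filter remains, so PC2 would be blocked as well. PC2's address 10.0.2.3 is an assumption; the page does not give it.

```python
import ipaddress

# FILTER-IN from the lab as (term name, source prefixes, action).
# An empty prefix list models a term with no "from" clause (matches everything).
FILTER_IN = [
    ("BLOCK-ALL", ["10.0.2.2/32"], "discard"),
    ("ALLOW-OTHERS", [], "accept"),
]

PC1 = "10.0.2.2"  # source address blocked in the lab
PC2 = "10.0.2.3"  # assumed address, not given on the page


def evaluate(filter_terms, src_ip):
    """Return (term, action) for the first term that matches src_ip."""
    src = ipaddress.ip_address(src_ip)
    for name, prefixes, action in filter_terms:
        if not prefixes or any(src in ipaddress.ip_network(p) for p in prefixes):
            return name, action
    # No term matched: a Junos firewall filter ends with an implicit discard.
    return "(implicit)", "discard"


def report(filter_terms, hosts):
    """Evaluate every host against the filter and return a dict of results."""
    return {host: evaluate(filter_terms, ip) for host, ip in hosts.items()}


if __name__ == "__main__":
    hosts = {"PC1": PC1, "PC2": PC2}
    print("FILTER-IN as configured:")
    for host, (term, action) in report(FILTER_IN, hosts).items():
        print(f"  {host}: {action} (term {term})")
    # Same filter with ALLOW-OTHERS left out: everything is dropped.
    print("FILTER-IN without ALLOW-OTHERS:")
    for host, (term, action) in report(FILTER_IN[:1], hosts).items():
        print(f"  {host}: {action} (term {term})")
```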
For more detail, here is the complete configuration on R1 and R2:
R1# run show configuration
## Last commit: 2017-01-20 16:33:45 UTC by R1
version 12.1R1.9;
system {
    root-authentication {
        encrypted-password "$1$e1Yw8ixJ$ulcM6iyRkenyihi8f41PG/"; ## SECRET-DATA
    }
    login {
        user R1 {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$7rKjfoow$RnDfTH7.OwuOWPVd2YGFw."; ## SECRET-DATA
            }
        }
    }
    services {
        telnet;
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    em0 {
        unit 0 {
            family inet {
                address 10.0.2.11/24;
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                filter {
                    output FILTER-IN;
                }
                address 10.0.3.11/24;
            }
        }
    }
}
routing-options {
    static {
        route 10.0.4.0/24 next-hop 10.0.3.12;
    }
}
firewall {
    filter FILTER-IN {
        term BLOCK-ALL {
            from {
                source-address {
                    10.0.2.2/32;
                }
            }
            then {
                discard;
            }
        }
        term ALLOW-OTHERS {
            then accept;
        }
    }
}

R2# run show configuration
## Last commit: 2017-01-20 16:27:41 UTC by R2
version 12.1R1.9;
system {
    root-authentication {
        encrypted-password "$1$IL43o9FF$/Z8e4mgPdAKE/u/jdTWnV."; ## SECRET-DATA
    }
    login {
        user R2 {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$d.WFX0I2$GkQ5n4ZUVA3IKYoP28ZC5/"; ## SECRET-DATA
            }
        }
    }
    services {
        telnet;
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    em0 {
        unit 0 {
            family inet {
                address 10.0.3.12/24;
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                address 10.0.4.12/24;
            }
        }
    }
}
routing-options {
    static {
        route 10.0.2.0/24 next-hop 10.0.3.11;
    }
}
OK, give it a try. See you in the next lab.