Netscreen 5Gt-105 Dual Untrust

Merhaba

Netscreen 5GT-105 dual untrust modda aldım fakat bi türlü load balacing yaptıramadım

port yonlendirmelerimde calısmadı yardımcı olursanız sevirim config dosyası asagıdaki gibidir.

[URL= http://img121.imageshack.us/img121/9813/91800307.th.jp g" target="_blank">http://img121.imageshack.us/img121/9813/91800307.th.jp g"/> ][/IMG][/URL]

Uploaded with [URL= http://imageshack.us ]ImageShack.us[/URL]

2 Modem var

 

Adsl                                                     192.168.4.1

Gshdsl                                                 192.168.5.1

 

Juniper Netscreen 5GT-105                192.168.2.1

 

İsa Server Dıs Bacak                           192.168.2.5

Isa server Ic Bacak                              192.168.1.1/24

 

Juniper dual untrust modda aldım 2 modemi juniperda sonlandırdım.

 

Amacım 2 isp load balacing çalıştırıp publish yönlendirmeleri çalıştırmak.

 

Netscreen Config

 

set clock timezone 0

set vrouter trust-vr sharable

set vrouter "untrust-vr"

exit

set vrouter "trust-vr"

unset auto-route-export

set preference static 0

exit

set service "RDP" protocol tcp src-port 3389-3389 dst-port 3389-3389

set service "Remote Administrator" protocol tcp src-port 4899-4899 dst-port 4899-4899

set service "Remote Administrator" + tcp src-port 8085-8085 dst-port 8085-8085

set service "Remote Administrator" + tcp src-port 8086-8086 dst-port 8086-8086

set auth-server "Local" id 0

set auth-server "Local" server-name "Local"

set auth default auth server "Local"

set auth radius accounting port 1646

set admin name "netscreen"

set admin password "nBMmELrEPQrCcmuN5FCtULDa5n"

set admin auth timeout 10

set admin auth server "Local"

set admin format dos

set zone "Trust" vrouter "trust-vr"

set zone "Untrust" vrouter "trust-vr"

set zone "VLAN" vrouter "trust-vr"

set zone "Untrust-Tun" vrouter "trust-vr"

set zone "Trust" tcp-rst

set zone "Untrust" block

unset zone "Untrust" tcp-rst

set zone "MGT" block

set zone "VLAN" block

unset zone "VLAN" tcp-rst

set zone "Untrust" screen tear-drop

set zone "Untrust" screen syn-flood

set zone "Untrust" screen ping-death

set zone "Untrust" screen ip-filter-src

set zone "Untrust" screen land

set zone "V1-Untrust" screen tear-drop

set zone "V1-Untrust" screen syn-flood

set zone "V1-Untrust" screen ping-death

set zone "V1-Untrust" screen ip-filter-src

set zone "V1-Untrust" screen land

set interface "ethernet1" zone "Trust"

set interface "ethernet3" zone "Untrust"

set interface "ethernet2" zone "Untrust"

set interface ethernet1 ip 192.168.2.1/24

set interface ethernet1 nat

set interface ethernet3 ip 88.250.250.240/24

set interface ethernet3 route

set interface ethernet2 ip 88.250.250.220/32

set interface ethernet2 route

unset interface vlan1 ip

unset interface vlan1 bypass-others-ipsec

unset interface vlan1 bypass-non-ip

set interface ethernet1 ip manageable

set interface ethernet3 ip manageable

set interface ethernet2 ip manageable

set interface ethernet1 manage mtrace

set interface ethernet3 monitor track-ip threshold 255

unset interface ethernet3 monitor track-ip dynamic

set interface ethernet2 vip untrust 3389 "RDP" 192.168.2.5

set interface ethernet1 dhcp server service

set interface ethernet1 dhcp server auto

set interface ethernet1 dhcp server option dns1 195.175.39.40

set interface ethernet1 dhcp server option dns2 195.175.39.39

set interface ethernet1 dhcp server ip 192.168.2.50 to 192.168.2.254

unset interface ethernet1 dhcp server config next-server-ip

set flow tcp-mss

set flow all-tcp-mss 1304

unset flow tcp-syn-check

set failover enable

set failover auto

set pki authority default scep mode "auto"

set pki x509 default cert-path partial

set dns host dns1 0.0.0.0

set dns host dns2 0.0.0.0

set dns host dns3 0.0.0.0

set ike respond-bad-spi 1

unset ike ikeid-enumeration

unset ike dos-protection

unset ipsec access-session enable

set ipsec access-session maximum 5000

set ipsec access-session upper-threshold 0

set ipsec access-session lower-threshold 0

set ipsec access-session dead-p2-sa-timeout 0

unset ipsec access-session log-error

unset ipsec access-session info-exch-connected

unset ipsec access-session use-error-log

set av profile "scan-mgr"

set ftp scan-mode  scan-all 

set ftp decompress-layer  2 

set http scan-mode  scan-all 

unset http skipmime mime-list   

set http skipmime mime-list  "ns-skip-mime-list"  

set imap scan-mode  scan-all 

set imap decompress-layer  2 

set pop3 scan-mode  scan-all 

set pop3 decompress-layer  2 

set smtp scan-mode  scan-all 

set smtp decompress-layer  2 

exit

set url protocol websense

exit

set anti-spam profile ns-profile

set sbl default-server enable

exit

set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit

set policy id 1

exit

set policy id 2 from "Untrust" to "Trust"  "Any" "VIP(ethernet2)" "ANY" permit

set policy id 2

exit

set pppoe name "eth3"

set pppoe name "eth3" username "test1@ttnet" password "6/ujjVFANgRB0zsPLrC7XJ1whOn3RT43qw=="

set pppoe name "eth3" interface ethernet3

set pppoe name "eth3" netmask 255.255.255.0

set pppoe name "eth2"

set pppoe name "eth2" username "test2@ttnet" password "xslW7RcPN4Gmlgs/FICOOPSblvnVsTxyKg=="

set pppoe name "eth2" interface ethernet2

set nsmgmt bulkcli reboot-timeout 60

set nsmgmt bulkcli reboot-wait 0

set ssh version v2

set config lock timeout 5

set license-key auto-update

set snmp port listen 161

set snmp port trap 162

set vrouter "untrust-vr"

exit

set vrouter "trust-vr"

set source-routing enable

set max-ecmp-routes 2

unset add-default-route

set route 0.0.0.0/0 interface ethernet3 gateway 1.1.1.1 preference 1 metric 50

set route source 192.168.2.1/24 interface ethernet3

set route source 192.168.2.1/24 interface ethernet2

exit

set vrouter "untrust-vr"

exit

set vrouter "trust-vr"

exit