{"id":58,"date":"2023-04-09T02:57:14","date_gmt":"2023-04-08T23:57:14","guid":{"rendered":"https:\/\/onurunlu.com.tr\/?p=58"},"modified":"2023-04-09T02:57:14","modified_gmt":"2023-04-08T23:57:14","slug":"btk-ara-baglantisi-icin-juniper-ssg20-firewall-tanimlamasi","status":"publish","type":"post","link":"https:\/\/onurunlu.com.tr\/?p=58","title":{"rendered":"BTK ARA BA\u011eLANTISI \u0130\u00c7\u0130N JUNIPER SSG20 FIREWALL TANIMLAMASI"},"content":{"rendered":"

Servis Sa\u011flay\u0131c\u0131 Lisans\u0131 almak isteyen bir\u00e7ok firma ve arkada\u015f\u0131n en b\u00fcy\u00fck problemlerinden biri de BTK’ n\u0131n lisans i\u015flemlerinden \u00f6nce baz\u0131 isterleri olmas\u0131d\u0131r.<\/p>\n

Bunlardan biri de altyap\u0131 kurulumudur. Bu makalede size Juniper SSG20 serisi firewall i\u00e7in \u00f6rnek bir konfigurasyon payla\u015fmak istedim.<\/p>\n

Eminim ki bu \u00f6rnek konfigurasyona internet \u00fczerinde ula\u015famayabilirsiniz. Umar\u0131m yararl\u0131 bir payla\u015f\u0131m olur.<\/p>\n

Unutmayal\u0131m, Bilgi payla\u015ft\u0131k\u00e7a \u00e7o\u011fal\u0131r …<\/p>\n

\n

unset key protection enable<\/p>\n

set clock timezone 0<\/p>\n

set vrouter trust-vr sharable<\/p>\n

set vrouter “untrust-vr”<\/p>\n

exit<\/p>\n

set vrouter “trust-vr”<\/p>\n

unset auto-route-export<\/p>\n

exit<\/p>\n

set alg appleichat enable<\/p>\n

unset alg appleichat re-assembly enable<\/p>\n

set alg sctp enable<\/p>\n

set auth-server “Local” id 0<\/p>\n

set auth-server “Local” server-name “Local”<\/p>\n

set auth default auth server “Local”<\/p>\n

set auth radius accounting port 1646<\/p>\n

set admin name “netscreen” (netscreen YER\u0130NE YEN\u0130 B\u0130R USER TANIMLAYIN)<\/strong><\/p>\n

set admin password “” (YEN\u0130 B\u0130R \u015e\u0130FRE TANIMLAYIN)<\/strong><\/p>\n

set admin auth web timeout 10<\/p>\n

set admin auth dial-in timeout 3<\/p>\n

set admin auth server “Local”<\/p>\n

set admin format dos<\/p>\n

set zone “Trust” vrouter “trust-vr”<\/p>\n

set zone “Untrust” vrouter “trust-vr”<\/p>\n

set zone “DMZ” vrouter “trust-vr”<\/p>\n

set zone “VLAN” vrouter “trust-vr”<\/p>\n

set zone “Untrust-Tun” vrouter “trust-vr”<\/p>\n

set zone “Trust” tcp-rst<\/p>\n

set zone “Untrust” block<\/p>\n

unset zone “Untrust” tcp-rst<\/p>\n

set zone “MGT” block<\/p>\n

unset zone “V1-Trust” tcp-rst<\/p>\n

unset zone “V1-Untrust” tcp-rst<\/p>\n

set zone “DMZ” tcp-rst<\/p>\n

unset zone “V1-DMZ” tcp-rst<\/p>\n

unset zone “VLAN” tcp-rst<\/p>\n

unset zone “Untrust” screen tear-drop<\/p>\n

unset zone “Untrust” screen syn-flood<\/p>\n

unset zone “Untrust” screen ping-death<\/p>\n

unset zone “Untrust” screen ip-filter-src<\/p>\n

unset zone “Untrust” screen land<\/p>\n

set zone “V1-Untrust” screen tear-drop<\/p>\n

set zone “V1-Untrust” screen syn-flood<\/p>\n

set zone “V1-Untrust” screen ping-death<\/p>\n

set zone “V1-Untrust” screen ip-filter-src<\/p>\n

set zone “V1-Untrust” screen land<\/p>\n

set interface adsl1\/0 phy operating-mode auto<\/p>\n

set interface “ethernet0\/0” zone “Untrust”<\/p>\n

set interface “ethernet0\/1” zone “Null”<\/p>\n

set interface “wireless0\/0” zone “Trust”<\/p>\n

set interface “bgroup0” zone “Trust”<\/p>\n

set interface “adsl1\/0” pvc 8 35 mux llc protocol bridged qos ubr zone “Untrust”<\/p>\n

set interface bgroup0 port ethernet0\/1<\/p>\n

set interface bgroup0 port ethernet0\/2<\/p>\n

set interface bgroup0 port ethernet0\/3<\/p>\n

set interface bgroup0 port ethernet0\/4<\/p>\n

unset interface vlan1 ip<\/p>\n

set interface ethernet0\/0 ip (BTK NIN VERD\u0130\u011e\u0130 IP ADRESINI G\u0130R\u0130N ! XXX.XXX.XXX.XXX\/27)<\/strong><\/p>\n

set interface ethernet0\/0 route<\/p>\n

set interface bgroup0 ip \u00a0(BTK NIN VERD\u0130\u011e\u0130 IP ADRESINI G\u0130R\u0130N ! XXX.XXX.XXX.XXX\/29)<\/strong><\/p>\n

set interface bgroup0 nat<\/p>\n

set interface ethernet0\/0 gateway \u00a0(BTK NIN VERD\u0130\u011e\u0130 GATEWAY\u0130 G\u0130R\u0130N ! XXX.XXX.XXX.XXX)<\/strong><\/p>\n

unset interface vlan1 bypass-others-ipsec<\/p>\n

unset interface vlan1 bypass-non-ip<\/p>\n

set interface ethernet0\/0 ip manageable<\/p>\n

set interface bgroup0 ip manageable<\/p>\n

set interface ethernet0\/0 manage ping<\/p>\n

set interface ethernet0\/0 manage ssh<\/p>\n

set interface ethernet0\/0 manage telnet<\/p>\n

set interface ethernet0\/0 manage snmp<\/p>\n

set interface ethernet0\/0 manage web<\/p>\n

set interface bgroup0 manage mtrace<\/p>\n

set interface ethernet0\/0 vip interface-ip<\/p>\n

set interface bgroup0 dhcp server service<\/p>\n

set interface bgroup0 dhcp server auto<\/p>\n

unset interface bgroup0 dhcp server config next-server-ip<\/p>\n

set interface “serial0\/0” modem settings “USR” init “AT&F”<\/p>\n

set interface “serial0\/0” modem settings “USR” active<\/p>\n

set interface “serial0\/0” modem speed 115200<\/p>\n

set interface “serial0\/0” modem retry 3<\/p>\n

set interface “serial0\/0” modem interval 10<\/p>\n

set interface “serial0\/0” modem idle-time 10<\/p>\n

set flow tcp-mss<\/p>\n

unset flow tcp-syn-check<\/p>\n

unset flow tcp-syn-bit-check<\/p>\n

set flow reverse-route clear-text prefer<\/p>\n

set flow reverse-route tunnel always<\/p>\n

set pki authority default scep mode “auto”<\/p>\n

set pki x509 default cert-path partial<\/p>\n

set crypto-policy<\/p>\n

exit<\/p>\n

set ike respond-bad-spi 1<\/p>\n

set ike ikev2 ike-sa-soft-lifetime 60<\/p>\n

unset ike ikeid-enumeration<\/p>\n

unset ike dos-protection<\/p>\n

unset ipsec access-session enable<\/p>\n

set ipsec access-session maximum 5000<\/p>\n

set ipsec access-session upper-threshold 0<\/p>\n

set ipsec access-session lower-threshold 0<\/p>\n

set ipsec access-session dead-p2-sa-timeout 0<\/p>\n

unset ipsec access-session log-error<\/p>\n

unset ipsec access-session info-exch-connected<\/p>\n

unset ipsec access-session use-error-log<\/p>\n

set url protocol websense<\/p>\n

exit<\/p>\n

set policy id 1 from “Trust” to “Untrust”\u00a0 “Any” “Any” “ANY” permit<\/p>\n

set policy id 1<\/p>\n

exit<\/p>\n

set nsmgmt bulkcli reboot-timeout 60<\/p>\n

set ssh version v2<\/p>\n

set ssh enable<\/p>\n

set config lock timeout 5<\/p>\n

unset license-key auto-update<\/p>\n

set telnet client enable<\/p>\n

set wlan country-code AT<\/p>\n

set wlan 0 channel auto<\/p>\n

set wlan 1 channel auto<\/p>\n

set wlan change-channel-timer 0<\/p>\n

set snmp port listen 161<\/p>\n

set snmp port trap 162<\/p>\n

set snmpv3 local-engine id “0164092008000839”<\/p>\n

set vrouter “untrust-vr”<\/p>\n

exit<\/p>\n

set vrouter “trust-vr”<\/p>\n

unset add-default-route<\/p>\n

exit<\/p>\n

set vrouter “untrust-vr”<\/p>\n

exit<\/p>\n

set vrouter “trust-vr”<\/p>\n

exit<\/p>\n","protected":false},"excerpt":{"rendered":"

Servis Sa\u011flay\u0131c\u0131 Lisans\u0131 almak isteyen bir\u00e7ok firma ve arkada\u015f\u0131n en<\/p>\n","protected":false},"author":1,"featured_media":47,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[23,64,65],"class_list":["post-58","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-paylasim","tag-btk","tag-juniper","tag-junos"],"featured_image_urls":{"full":["https:\/\/onurunlu.com.tr\/wp-content\/uploads\/2023\/04\/onur-sign-big-1.jpg",545,533,false],"thumbnail":["https:\/\/onurunlu.com.tr\/wp-content\/uploads\/2023\/04\/onur-sign-big-1-150x150.jpg",150,150,true],"medium":["https:\/\/onurunlu.com.tr\/wp-content\/uploads\/2023\/04\/onur-sign-big-1-300x293.jpg",300,293,true],"medium_large":["https:\/\/onurunlu.com.tr\/wp-content\/uploads\/2023\/04\/onur-sign-big-1.jpg",545,533,false],"large":["https:\/\/onurunlu.com.tr\/wp-content\/uploads\/2023\/04\/onur-sign-big-1.jpg",545,533,false],"1536x1536":["https:\/\/onurunlu.com.tr\/wp-content\/uploads\/2023\/04\/onur-sign-big-1.jpg",545,533,false],"2048x2048":["https:\/\/onurunlu.com.tr\/wp-content\/uploads\/2023\/04\/onur-sign-big-1.jpg",545,533,false],"chromenews-featured":["https:\/\/onurunlu.com.tr\/wp-content\/uploads\/2023\/04\/onur-sign-big-1.jpg",545,533,false],"chromenews-large":["https:\/\/onurunlu.com.tr\/wp-content\/uploads\/2023\/04\/onur-sign-big-1.jpg",545,533,false],"chromenews-medium":["https:\/\/onurunlu.com.tr\/wp-content\/uploads\/2023\/04\/onur-sign-big-1-545x410.jpg",545,410,true]},"author_info":{"info":["admin"]},"category_info":"Payla\u015f\u0131m<\/a>","tag_info":"Payla\u015f\u0131m","comment_count":"0","_links":{"self":[{"href":"https:\/\/onurunlu.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/58","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/onurunlu.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/onurunlu.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/onurunlu.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/onurunlu.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=58"}],"version-history":[{"count":1,"href":"https:\/\/onurunlu.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/58\/revisions"}],"predecessor-version":[{"id":59,"href":"https:\/\/onurunlu.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/58\/revisions\/59"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/onurunlu.com.tr\/index.php?rest_route=\/wp\/v2\/media\/47"}],"wp:attachment":[{"href":"https:\/\/onurunlu.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=58"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/onurunlu.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=58"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/onurunlu.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=58"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}