juniper SRX240H2 删端口

1.

[edit applications]

juniper@SRD# show

application 25879 {

    protocol tcp;

    destination-port 3389;

juniper@SRD# delete application 25879 

[edit applications]

juniper@SRD# 

2

[edit security policies from-zone untrust to-zone trust]

juniper@SRD# show   

policy 3 {

    match {

        source-address any;

        destination-address 192.168.1.204;

        ##

        ## Warning: application or application-set must be defined

        ##

        application 25879;

    }

    then {

        deny;                           

    }                                   

} 

[edit security policies from-zone untrust to-zone trust]

juniper@SRD# delete policy 3 

[edit security policies from-zone untrust to-zone trust]

juniper@SRD# 

3

[edit]

juniper@SRD# edit security nat destination 

[edit security nat destination]

juniper@SRD# show 

pool 3 {

    address 192.168.1.204/32 port 3389;

}

[edit security nat destination]

juniper@SRD# delete pool 3 

[edit security nat destination]

[edit security nat destination rule-set Rule]

juniper@SRD# show

rule 3 {

    match {

        source-address 0.0.0.0/0;

        destination-address 118.195.133.233/32;

        destination-port 25879;

    }

    then {

        ##

        ## Warning: Destination NAT pool name must be defined

        ##

        destination-nat pool 3;

    }

}

[edit security nat destination rule-set Rule]

juniper@SRD# delete rule 3 

[edit security nat destination rule-set Rule]

[edit security nat destination rule-set Rule]

juniper@SRD# commit 

commit complete

[edit security nat destination rule-set Rule]

juniper@SRD#