■ vSRX HA version

labunix@vSRX-node0> show version
node0:
--------------------------------------------------------------------------
Hostname: vSRX-node0
Model: firefly-perimeter
JUNOS Software Release [12.1X47-D20.7]

node1:
--------------------------------------------------------------------------
Hostname: vSRX-node1
Model: firefly-perimeter
JUNOS Software Release [12.1X47-D20.7]

{primary:node0}

■ Configure an address group (address-set).

configure
set security zones security-zone L2-Trust address-book address vmnet8.host 192.168.152.1/32
set security zones security-zone L2-Trust address-book address vmnet8.dns 192.168.152.2/32
set security zones security-zone L2-Trust address-book address-set vmnet8 address vmnet8.host
set security zones security-zone L2-Trust address-book address-set vmnet8 address vmnet8.dns
commit and-quit

labunix@vSRX-node0> show configuration security zones security-zone L2-Trust address-book
address vmnet8.100 192.168.152.100/32;
address vmnet8.host 192.168.152.1/32;
address vmnet8.dns 192.168.152.2/32;
address-set vmnet8 {
    address vmnet8.host;
    address vmnet8.dns;
}

{primary:node0}

■ Configure an application group (application-set).

configure
set applications application-set from-proxy application junos-http
set applications application-set from-proxy application junos-https
set applications application-set from-proxy application junos-ftp
set applications application-set from-proxy application junos-dns-tcp
set applications application-set from-proxy application junos-dns-udp
set applications application-set from-proxy application junos-ntp
set applications application-set from-proxy application junos-whois
commit and-quit

labunix@vSRX-node0> show configuration applications
application proxy_3128 {
    application-protocol http;
    protocol tcp;
    destination-port 3128;
    inactivity-timeout 1800;
}
application proxy_8080 {
    application-protocol http;
    protocol tcp;
    destination-port 8080;
    inactivity-timeout 1800;
}
application-set from-proxy {
    application junos-http;
    application junos-https;
    application junos-ftp;
    application junos-dns-tcp;
    application junos-dns-udp;
    application junos-ntp;
    application junos-whois;
}

{primary:node0}

■ Create the policy.

configure
set security policies from-zone L2-Trust to-zone L3-Untrust policy pass_from_proxy match source-address vmnet8.100
set security policies from-zone L2-Trust to-zone L3-Untrust policy pass_from_proxy match destination-address any
set security policies from-zone L2-Trust to-zone L3-Untrust policy pass_from_proxy match application from-proxy
set security policies from-zone L2-Trust to-zone L3-Untrust policy pass_from_proxy then permit
set security policies from-zone L2-Trust to-zone L3-Untrust policy pass_from_proxy then log session-init
commit and-quit

labunix@vSRX-node0> show configuration security policies from-zone L2-Trust to-zone L3-Untrust policy pass_from_proxy
match {
    source-address vmnet8.100;
    destination-address any;
    application from-proxy;
}
then {
    permit;
    log {
        session-init;
    }
}

{primary:node0}
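As an added check (not part of the original post or of Junos itself), the following Python script parses policies written in the "set" form shown above and flags the patterns a reviewer would want caught before commit: a permit without log session-init, application any, or a permit from source-address any. The sample input is the page's pass_from_proxy policy plus a constructed, hypothetical allow_all policy that trips all three checks.

```python
import re
from collections import defaultdict

# Constructed sample: the page's pass_from_proxy policy plus a hypothetical
# allow_all policy (not from the page) that permits without logging.
SAMPLE_SET_CONFIG = """
set security policies from-zone L2-Trust to-zone L3-Untrust policy pass_from_proxy match source-address vmnet8.100
set security policies from-zone L2-Trust to-zone L3-Untrust policy pass_from_proxy match destination-address any
set security policies from-zone L2-Trust to-zone L3-Untrust policy pass_from_proxy match application from-proxy
set security policies from-zone L2-Trust to-zone L3-Untrust policy pass_from_proxy then permit
set security policies from-zone L2-Trust to-zone L3-Untrust policy pass_from_proxy then log session-init
set security policies from-zone L2-Trust to-zone L3-Untrust policy allow_all match source-address any
set security policies from-zone L2-Trust to-zone L3-Untrust policy allow_all match destination-address any
set security policies from-zone L2-Trust to-zone L3-Untrust policy allow_all match application any
set security policies from-zone L2-Trust to-zone L3-Untrust policy allow_all then permit
"""

POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (match|then) (.+)$"
)

def parse_policies(text):
    """Return {(from_zone, to_zone, name): {"match": {field: [values]}, "then": [actions]}}."""
    policies = defaultdict(lambda: {"match": defaultdict(list), "then": []})
    for line in text.strip().splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue  # not a security-policy "set" line; ignore
        key = (m.group(1), m.group(2), m.group(3))
        if m.group(4) == "match":
            field, value = m.group(5).split(None, 1)  # e.g. "source-address", "vmnet8.100"
            policies[key]["match"][field].append(value)
        else:
            policies[key]["then"].append(m.group(5))  # e.g. "permit", "log session-init"
    return policies

def lint_policies(policies):
    """Return human-readable findings; an empty list means every policy passed."""
    findings = []
    for (src_zone, dst_zone, name), pol in policies.items():
        label = f"{src_zone}->{dst_zone}/{name}"
        permits = "permit" in pol["then"]
        logs = any(action.startswith("log") for action in pol["then"])
        if permits and not logs:
            findings.append(f"{label}: permit without log session-init")
        if "any" in pol["match"].get("application", []):
            findings.append(f"{label}: matches application any")
        if permits and pol["match"].get("source-address") == ["any"]:
            findings.append(f"{label}: permits from source-address any")
    return findings

if __name__ == "__main__":
    for finding in lint_policies(parse_policies(SAMPLE_SET_CONFIG)):
        print(finding)
```

Run on the sample, only the constructed allow_all policy produces findings; pass_from_proxy, as configured on the page, is clean.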