Anda di halaman 1dari 5

SOP CONFIGURASI SRX 240

1. Perhatikan konfigurasi yang diberi highlight warna merah, sesuaikan


dengan lokasi yang akan dikonfigurasi
2. Masuk/login ke perangkat yang akan dikonfigurasi dengan menggunakan
console melalui aplikasi putty atau hyperterminal
3. Lalu masuk kedalam mode konfigurasi #
4. Setelah itu jalankan perintah load overide terminal
5. Copy framework srx yang sudah di edit hostname, IP Address VLAN 10 dan
20 serta roouting
6. Selanjutnya paste ke terminal putty, hyperteminal, sampai seluruh
konfigurasi selesai tersalin di terminal
7. Selanjut nya tekan CTRL+D, maka terminal akan kembali ke mode
konfigurasi #
8. Terakhir kita simpan konfigurasi tersebut dengan perintah commit
9. lalukan cross cek pada perangkat apakah konfigurasi yang kita baru saja
konfigur sudah sesauai dengan yang ada diperangkat
system {
host-name FW-KPPBC-BEKASI;
root-authentication {
encrypted-password "$1$1XTitGWl$ZjXXI45LRguRkurvLRupG/"; ## SECRET-DATA
}
name-server {
208.67.222.222;
208.67.220.220;
}
services {
ssh;
telnet;
xnm-clear-text;
web-management {
https {
system-generated-certificate;
interface [ vlan.20 vlan.10 ];
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;

max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
vlan {
members VLAN-INSIDE;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members VLAN-INSIDE;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members VLAN-INSIDE;
}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members VLAN-INSIDE;
}
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members VLAN-OUTSIDE;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {

members VLAN-OUTSIDE;
}
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members VLAN-OUTSIDE;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members VLAN-OUTSIDE;
}
}
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/13 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/14 {
unit 0 {
family ethernet-switching;
}

}
ge-0/0/15 {
unit 0 {
family ethernet-switching;
}
}
vlan {
unit 10 {
family inet {
address 172.16.54.2/24;
}
}
unit 20 {
family inet {
address 192.168.54.254/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 172.16.54.1;
}
}
protocols {
stp;
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
zones {
security-zone INSIDE {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;

}
}
interfaces {
vlan.10;
}
}
security-zone OUTSIDE {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.20;
}
}
}
policies {
default-policy {
permit-all;
}
}
}
vlans {
VLAN-INSIDE {
vlan-id 10;
l3-interface vlan.10;
}
VLAN-OUTSIDE {
vlan-id 20;
l3-interface vlan.20;
}
}