Documente Academic
Documente Profesional
Documente Cultură
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Infrastructure and Zones Lab
Address Table
Central-OfficeA1 Central-OfficeA2
Interface Address Zone VLAN Interface Address Zone VLAN
ge-0/0/0.0 10.210.xx.131/26 management
ge-0/0/0 10.210.xx.132/26 management
ge-0/0/3 1.1.1.2/24 EXTERNAL
ge-0/0/3 2.2.2.2/24 EXTERNAL
ge-0/0/4 10.200.101.254/24 EMPLOYEE 101
ge-0/0/5 10.200.102.254/24 DMZ 102 ge-0/0/4 10.200.101.253/24 EMPLOYEE 101
ge-0/0/11 10.200.103.254/24 OPERATIONS 103 ge-0/0/5 10.200.102.253/24 DMZ 102
st0.0 172.20.101.1/24 VPN ge-0/0/11 10.200.103.253/24 OPERATIONS 103
st0.1 172.21.101.1/24 VPN
Hostname Host Address Host Zone VR Routing-Instance
Hostname Host Address Host Zone VR Routing-Instance hostA1-1 10.200.101.11 EMPLOYEE hostsA1
hostA1-1 10.200.101.11 EMPLOYEE hostsA1 hostA1-2 10.200.101.12 EMPLOYEE hostsA1
hostA1-2 10.200.101.12 EMPLOYEE hostsA1
hostA1-3 10.200.101.13 EMPLOYEE hostsA1
hostA1-3 10.200.101.13 EMPLOYEE hostsA1
file-serverA 10.200.102.100 DMZ file-serverA
file-serverA 10.200.102.100 DMZ file-serverA
ops-serverA 10.200.103.100 OPERATIONS ops-serverA ops-serverA 10.200.103.100 OPERATIONS ops-serverA
Branch-OfficeA2 Branch-OfficeA3
Interface Address Zone VLAN Interface Address Zone VLAN
ge-0/0/0.0 10.210.xx.133/26 management
ge-0/0/0 10.210.xx.134/26 management
ge-0/0/3 3.3.3.2/24 UNTRUST
ge-0/0/4 10.200.104.254/24 TRUST 104 ge-0/0/3 4.4.4.2/24 UNTRUST
ge-0/0/5 10.200.105.254/24 INTERNAL 105 ge-0/0/4 10.200.101.254/24 TRUST 106
st0.0 172.20.101.2/24 VPN st0.0 unnumbered VPN
Hostname Host Address Host Zone VR Routing-Instance
Hostname Host Address Host Zone VR Routing-Instance
hostA2-1 10.200.104.21 TRUST hostsA2
hostA2-2 10.200.104.22 TRUST hostsA2 hostA3-1 10.200.101.31 TRUST hostsA3
internal-serverA 10.200.105.100 INTERNAL internal-serverA
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Infrastructure and Zones Lab EMPLOYEE DMZ OPERATIONS
hostA1-1 hostA1-2 hostA1-3 file-serverA ops-serverA
VLAN Assignments VLAN Assignments
Interface VLAN-ID Interface VLAN-ID
ge-0/0/4 101 ge-0/0/4 101
ge-0/0/5 102 ge-0/0/5 102
ge-0/0/11 103 ge-0/0/4 ge-0/0/4 ge-0/0/11 103
ge-0/0/11 ge-0/0/11
ge-0/0/5 ge-0/0/5
1.1.1.1 2.2.2.1
VLAN Assignments
VLAN Assignments
Interface VLAN-ID
Interface VLAN-ID
3.3.3.1 4.4.4.1 ge-0/0/4 106
ge-0/0/4 104
ge-0/0/5 105
ge-0/0/3 ge-0/0/3
Branch-OfficeA2 3.3.3.2 4.4.4.2 Branch-OfficeA3
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group B: Infrastructure and Zones Lab
Address Table
Central-OfficeB1 Central-OfficeB2
Interface Address Zone VLAN Interface Address Zone VLAN
ge-0/0/0.0 10.210.xx.135/26 management
ge-0/0/0 10.210.xx.136/26 management
ge-0/0/3 1.1.1.2/24 EXTERNAL
ge-0/0/3 2.2.2.2/24 EXTERNAL
ge-0/0/4 10.200.201.254/24 EMPLOYEE 201
ge-0/0/5 10.200.202.254/24 DMZ 202 ge-0/0/4 10.200.201.253/24 EMPLOYEE 201
ge-0/0/11 10.200.203.254/24 OPERATIONS 203 ge-0/0/5 10.200.202.253/24 DMZ 202
st0.0 172.20.201.1/24 VPN ge-0/0/11 10.200.203.253/24 OPERATIONS 203
st0.1 172.21.201.1/24 VPN
Hostname Host Address Host Zone VR Routing-Instance
Hostname Host Address Host Zone VR Routing-Instance hostB1-1 10.200.201.11 EMPLOYEE hostsB1
hostB1-1 10.200.201.11 EMPLOYEE hostsB1 hostB1-2 10.200.201.12 EMPLOYEE hostsB1
hostB1-2 10.200.201.12 EMPLOYEE hostsB1 hostB1-3 10.200.201.13 EMPLOYEE hostsB1
hostB1-3 10.200.201.13 EMPLOYEE hostsB1
file-serverB 10.200.202.100 DMZ file-serverB
file-serverB 10.200.202.100 DMZ file-serverB
ops-serverB 10.200.203.100 OPERATIONS ops-serverB ops-serverB 10.200.203.100 OPERATIONS ops-serverB
Branch-OfficeB2 Branch-OfficeB3
Interface Address Zone VLAN Interface Address Zone VLAN
ge-0/0/0.0 10.210.xx.137/26 management
ge-0/0/0 10.210.xx.138/26 management
ge-0/0/3 3.3.3.2/24 UNTRUST
ge-0/0/4 10.200.204.254/24 TRUST 204 ge-0/0/3 4.4.4.2/24 UNTRUST
ge-0/0/5 10.200.205.254/24 INTERNAL 205 ge-0/0/4 10.200.201.254/24 TRUST 206
st0.0 172.20.201.2/24 VPN st0.0 unnumbered VPN
Hostname Host Address Host Zone VR Routing-Instance Hostname Host Address Host Zone VR Routing-Instance
hostB2-1 10.200.204.21 TRUST hostsB2 hostB3-1 10.200.201.31 TRUST hostsB3
hostB2-2 10.200.204.22 TRUST hostsB2
internal-serverB 10.200.205.100 INTERNAL internal-serverB
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group B: Infrastructure and Zones Lab EMPLOYEE DMZ OPERATIONS
hostB1-1 hostB1-2 hostB1-3 file-serverB ops-serverB
VLAN Assignments VLAN Assignments
Interface VLAN-ID Interface VLAN-ID
ge-0/0/4 201 ge-0/0/4 201
ge-0/0/5 202 ge-0/0/5 202
ge-0/0/11 203 ge-0/0/4 ge-0/0/4 ge-0/0/11 203
ge-0/0/11 ge-0/0/11
ge-0/0/5 ge-0/0/5
1.1.1.1 2.2.2.1
VLAN Assignments
VLAN Assignments
Interface VLAN-ID
Interface VLAN-ID
3.3.3.1 4.4.4.1 ge-0/0/4 206
ge-0/0/4 204
ge-0/0/5 205
ge-0/0/3 ge-0/0/3
Branch-OfficeB2 3.3.3.2 4.4.4.2 Branch-OfficeB3
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Creating Clusters Lab
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Creating Clusters Lab
Central-OfficeA Table
Central-OfficeA Cluster
Interface Address Redundant interface Zone VLAN
fxp0 (node0) 10.210.xx.131/26
fxp0 (node1) 10.210.xx.132/26
ge-0/0/1
ge-5/0/1
ge-0/0/2
ge-5/0/2
ge-0/0/3 1.1.1.2/24 EXTERNAL
ge-5/0/3 2.2.2.2/24 EXTERNAL
ge-0/0/4 reth0
ge-5/0/4 reth0
ge-0/0/5 reth1
ge-5/0/5 reth1
ge-0/0/6
ge-5/0/6
ge-0/0/10 reth1
ge-5/0/10 reth1
ge-0/0/11 reth1
ge-5/0/11 reth1
ge-0/0/12 reth1
ge-5/0/12 reth1
reth0 10.200.101.254/24 EMPLOYEE 101
reth1 10.200.102.254/24 DMZ 102
reth1 10.200.103.254/24 OPERATIONS 103
st0.0 172.20.101.1/24 VPN
st0.1 172.21.101.1/24 VPN
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Creating Clusters Lab EMPLOYEE DMZ OPERATIONS
hostA1-1 hostA1-2 hostA1-3 file-serverA ops-serverA
ISP 1 ISP 2
1.1.1.1 2.2.2.1
3.3.3.1 4.4.4.1
Cluster ID 1
ge-0/0/3 ge-0/0/3
Branch-OfficeA2 3.3.3.2 4.4.4.2 Branch-OfficeA3
ge-0/0/1
ge-0/0/4 ge-0/0/5 ge-0/0/2 ge-0/0/4 ge-0/0/5
TRUST INTERNAL
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group B: Creating Clusters Lab
Central-OfficeB Table
Central-OfficeB Cluster
Interface Address Redundant interface Zone VLAN
fxp0 (node0) 10.210.xx.135/27
fxp0 (node1) 10.210.xx.136/27
ge-0/0/1
ge-5/0/1
ge-0/0/2
ge-5/0/2
ge-0/0/3 1.1.1.2/24 EXTERNAL
ge-5/0/3 2.2.2.2/24 EXTERNAL
ge-0/0/4 reth0
ge-5/0/4 reth0
ge-0/0/5 reth1
ge-5/0/5 reth1
ge-0/0/6
ge-5/0/6
ge-0/0/10 reth1
ge-5/0/10 reth1
ge-0/0/11 reth1
ge-5/0/11 reth1
ge-0/0/12 reth1
ge-5/0/12 reth1
reth0 10.200.201.254/24 EMPLOYEE 201
reth1 10.200.202.254/24 DMZ 202
reth1 10.200.203.254/24 OPERATIONS 203
st0.0 172.20.201.1/24 VPN
st0.1 172.21.201.1/24 VPN
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group B: Creating Clusters Lab
EMPLOYEE DMZ OPERATIONS
hostB1-1 hostB1-2 hostB1-3 file-serverB ops-serverB
Cluster ID 2
ge-0/0/10 ge-0/0/10
ge-0/0/4 ge-0/0/1 ge-0/0/4
ge-0/0/11 ge-0/0/11
ge-0/0/2
ge-0/0/5 ge-0/0/12 ge-0/0/5 ge-0/0/12
ge-0/0/6
ISP 1 ISP 2
1.1.1.1 2.2.2.1
ge-0/0/3 ge-0/0/3
Branch-OfficeB2 3.3.3.2 4.4.4.2 Branch-OfficeB3
ge-0/0/1
ge-0/0/4 ge-0/0/5 ge-0/0/2 ge-0/0/4 ge-0/0/5
TRUST INTERNAL
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Building Security Policies Lab
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Building Security Policies Lab
Address Table
Central-OfficeA Cluster Branch-OfficeA2
Interface Address Zone VLAN Interface Address Zone VLAN
fxp0 (node 0) 10.210.xx.131/26 management ge-0/0/0.0 10.210.xx.133/26 management
fxp0 (node 1) 10.210.xx.132/26 management ge-0/0/3 3.3.3.2/24 UNTRUST
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/4 10.200.104.254/24 TRUST 104
ge-5/0/3 2.2.2.2/24 EXTERNAL ge-0/0/5 10.200.105.254/24 INTERNAL 105
reth0.101 10.200.101.254/24 EMPLOYEE 101 st0.0 172.20.101.2/24 VPN
reth1.102 10.200.102.254/24 DMZ 102
reth1.103 10.200.103.254/24 OPERATIONS 103 Hostname Host Address Host Zone VR Routing-Instance
st0.0 172.20.101.1/24 VPN hostA2-1 10.200.104.21 TRUST hostsA2
st0.1 172.21.101.1/24 VPN hostA2-2 10.200.104.22 TRUST hostsA2
internal-serverA 10.200.105.100 INTERNAL internal-serverA
Hostname Host Address Host Zone VR Routing-Instance
hostA1-1 10.200.101.11 EMPLOYEE hostsA1
hostA1-2 10.200.101.12 EMPLOYEE hostsA1
hostA1-3 10.200.101.13 EMPLOYEE hostsA1
file-serverA 10.200.102.100 DMZ file-serverA
ops-serverA 10.200.103.100 OPERATIONS ops-serverA
Branch-OfficeA3 WarehouseA
Interface Address Zone VLAN Interface Address Zone VLAN
ge-0/0/0 10.210.xx.134/26 management ge-0/0/0 10.210.xx.141/26 management
ge-0/0/1 5.5.5.2/24 UNTRUST
ge-0/0/3 4.4.4.2/24 UNTRUST
ge-0/0/2 10.200.107.254/24 TRUST
ge-0/0/4 10.200.101.254/24 TRUST 106
st0.0 172.21.101.2/24 VPN
st0.0 unnumbered VPN
Hostname Address Zone VR Routing-Instance
Hostname Host Address Host Zone VR Routing-Instance
Warehouse-serverA 10.200.107.100 TRUST warehouseA
HostA3-1 10.200.101.31 TRUST hostsA3
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Building Security Policies Lab
EMPLOYEE DMZ OPERATIONS
hostA1-1 hostA1-2 hostA1-3 file-serverA ops-serverA
ge-0/0/10
ge-0/0/10 ge-0/0/1
ge-0/0/4 ge-0/0/4 ge-0/0/11
ge-0/0/11 ge-0/0/2
ge-0/0/5 ge-0/0/5 ge-0/0/12
ge-0/0/12 ge-0/0/6 TRUST
warehouse-serverA
Central-OfficeA1 ge-0/0/3 ge-0/0/3 Central-OfficeA2
1.1.1.2 2.2.2.2
ISP1 ISP2
1.1.1.1 2.2.2.1
ge-0/0/1 ge-0/0/2
5.5.5.1 5.5.5.2
WarehouseA
3.3.3.1 4.4.4.1
ge-0/0/3 ge-0/0/3
Branch-OfficeA2 3.3.3.2 4.4.4.2 Branch-OfficeA3
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group B: Building Security Policies Lab
Address Table
Central-OfficeB Cluster Branch-OfficeB2
Interface Address Zone VLAN Interface Address Zone VLAN
fxp0 (node 0) 10.210.xx.135/26 management ge-0/0/0.0 10.210.xx.137/26 management
fxp0 (node 1) 10.210.xx.136/26 management ge-0/0/3 3.3.3.2/24 UNTRUST
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/4 10.200.204.254/24 TRUST 204
ge-5/0/3 2.2.2.2/24 EXTERNAL ge-0/0/5 10.200.205.254/24 INTERNAL 205
reth0.201 10.200.201.254/24 EMPLOYEE 201 st0.0 172.20.201.2/24 VPN
reth1.202 10.200.202.254/24 DMZ 202
reth1.203 10.200.203.254/24 OPERATIONS 203 Hostname Host Address Host Zone VR Routing-Instance
st0.0 172.20.201.1/24 VPN hostB2-1 10.200.204.21 TRUST hostsB2
st0.1 172.21.201.1/24 VPN hostB2-2 10.200.204.22 TRUST hostsB2
internal-serverB 10.200.205.100 INTERNAL internal-serverB
Hostname Host Address Host Zone VR Routing-Instance
hostB1-1 10.200.201.11 EMPLOYEE hostsB1
hostB1-2 10.200.201.12 EMPLOYEE hostsB1
hostB1-3 10.200.201.13 EMPLOYEE hostsB1
file-serverB 10.200.202.100 DMZ file-serverB
ops-serverB 10.200.203.100 OPERATIONS ops-serverB
Branch-OfficeB3 WarehouseB
Interface Address Zone VLAN Interface Address Zone VLAN
ge-0/0/0 10.210.xx.138/26 management ge-0/0/0 10.210.xx.142/26 management
ge-0/0/1 5.5.5.2/24 UNTRUST
ge-0/0/3 4.4.4.2/24 UNTRUST
ge-0/0/2 10.200.207.254/24 TRUST
ge-0/0/4 10.200.201.254/24 TRUST 206
st0.0 172.21.201.2/24 VPN
st0.0 unnumbered VPN
Hostname Address Zone VR Routing-Instance
Hostname Host Address Host Zone VR Routing-Instance
Warehouse-serverB 10.200.207.100 TRUST warehouseB
HostB3-1 10.200.201.31 TRUST hostsB3
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group B: Building Security Policies Lab
EMPLOYEE DMZ OPERATIONS
hostB1-1 hostB1-2 hostB1-3 file-serverB ops-serverB
ge-0/0/10
ge-0/0/10 ge-0/0/1
ge-0/0/4 ge-0/0/4 ge-0/0/11
ge-0/0/11 ge-0/0/2
ge-0/0/5 ge-0/0/5 ge-0/0/12
ge-0/0/12 ge-0/0/6 TRUST
warehouse-serverB
Central-OfficeB1 ge-0/0/3 ge-0/0/3 Central-OfficeB2
1.1.1.2 2.2.2.2
ISP1 ISP2
1.1.1.1 2.2.2.1
ge-0/0/1 ge-0/0/2
5.5.5.1 5.5.5.2
WarehouseB
3.3.3.1 4.4.4.1
ge-0/0/3 ge-0/0/3
Branch-OfficeB2 3.3.3.2 4.4.4.2 Branch-OfficeB3
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Building IPsec VPNs Lab Address
Table
Central-OfficeA Cluster Branch-OfficeA2
Interface Address Zone VLAN Interface Address Zone VLAN
fxp0 (node 0) 10.210.xx.131/26 management ge-0/0/0.0 10.210.xx.133/26 management
fxp0 (node 1) 10.210.xx.132/26 management ge-0/0/3 3.3.3.2/24 UNTRUST
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/4 10.200.104.254/24 TRUST 104
ge-5/0/3 2.2.2.2/24 EXTERNAL ge-0/0/5 10.200.105.254/24 INTERNAL 105
reth0.101 10.200.101.254/24 EMPLOYEE 101 st0.0 172.20.101.2/24 VPN
reth1.102 10.200.102.254/24 DMZ 102
reth1.103 10.200.103.254/24 OPERATIONS 103 Hostname Host Address Host Zone VR Routing-Instance
st0.0 172.20.101.1/24 VPN hostA2-1 10.200.104.21 TRUST hostsA2
st0.1 172.21.101.1/24 VPN hostA2-2 10.200.104.22 TRUST hostsA2
gr-0/0/0.0 172.20.103.254/24 VPN internal-serverA 10.200.105.100 INTERNAL internal-serverA
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierA
ge-0/0/3 ge-0/0/3 gr-0/0/0
3.3.3.2 4.4.4.2 Branch-OfficeA3 ge-0/0/2
Branch-OfficeA2
inventory-serverA
TRUST
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierB
ge-0/0/3 ge-0/0/3 gr-0/0/0
Branch-OfficeB2 3.3.3.2 4.4.4.2 Branch-OfficeB3 ge-0/0/2
inventory-serverB
TRUST
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Network Address Translation Lab
Address Table
Central-OfficeA Cluster Branch-OfficeA2
Interface Address Zone VLAN Interface Address Zone VLAN
fxp0 (node 0) 10.210.xx.131/26 management ge-0/0/0.0 10.210.xx.133/26 management
fxp0 (node 1) 10.210.xx.132/26 management ge-0/0/3 3.3.3.2/24 UNTRUST
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/4 10.200.104.254/24 TRUST 104
ge-5/0/3 2.2.2.2/24 EXTERNAL ge-0/0/5 10.200.105.254/24 INTERNAL 105
reth0.101 10.200.101.254/24 EMPLOYEE 101 st0.0 172.20.101.2/24 VPN
reth1.102 10.200.102.254/24 DMZ 102
reth1.103 10.200.103.254/24 OPERATIONS 103 Hostname Host Address Host Zone VR Routing-Instance
st0.0 172.20.101.1/24 VPN hostA2-1 10.200.104.21 TRUST hostsA2
st0.1 172.21.101.1/24 VPN hostA2-2 10.200.104.22 TRUST hostsA2
gr-0/0/0.0 172.20.103.254/24 VPN internal-serverA 10.200.105.100 INTERNAL internal-serverA
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Network Address Translation Lab
EMPLOYEE DMZ OPERATIONS
hostA1-1 hostA1-2 hostA1-3 file-serverA ops-serverA
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierA
ge-0/0/3 ge-0/0/3 gr-0/0/0
3.3.3.2 4.4.4.2 Branch-OfficeA3 ge-0/0/2
Branch-OfficeA2
inventory-serverA
TRUST
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group B: Network Address Translation Lab
EMPLOYEE DMZ OPERATIONS
hostB1-1 hostB1-2 hostB1-3 file-serverB ops-serverB
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierB
ge-0/0/3 ge-0/0/3 gr-0/0/0
3.3.3.2 4.4.4.2 Branch-OfficeB3 ge-0/0/2
Branch-OfficeB2
inventory-serverB
TRUST
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Attack Prevention Lab Address Table
Central-OfficeA Cluster Branch-OfficeA2
Interface Address Zone VLAN Interface Address Zone VLAN
fxp0 (node 0) 10.210.xx.131/26 management ge-0/0/0.0 10.210.xx.133/26 management
fxp0 (node 1) 10.210.xx.132/26 management ge-0/0/3 3.3.3.2/24 UNTRUST
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/4 10.200.104.254/24 TRUST 104
ge-5/0/3 2.2.2.2/24 EXTERNAL ge-0/0/5 10.200.105.254/24 INTERNAL 105
reth0.101 10.200.101.254/24 EMPLOYEE 101 st0.0 172.20.101.2/24 VPN
reth1.102 10.200.102.254/24 DMZ 102
reth1.103 10.200.103.254/24 OPERATIONS 103 Hostname Host Address Host Zone VR Routing-Instance
st0.0 172.20.101.1/24 VPN hostA2-1 10.200.104.21 TRUST hostsA2
st0.1 172.21.101.1/24 VPN hostA2-2 10.200.104.22 TRUST hostsA2
gr-0/0/0.0 172.20.103.254/24 VPN internal-serverA 10.200.105.100 INTERNAL internal-serverA
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Attack Prevention Lab
EMPLOYEE DMZ OPERATIONS
hostA1-1 hostA1-2 hostA1-3 file-serverA ops-serverA
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierA
gr-0/0/0
ge-0/0/3 ge-0/0/3
3.3.3.2 4.4.4.2 Branch-OfficeA3 ge-0/0/2
Branch-OfficeA2
inventory-serverA
TRUST
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group B: Attack Prevention Lab
EMPLOYEE DMZ OPERATIONS
hostB1-1 hostB1-2 hostB1-3 file-serverB ops-serverB
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierB
gr-0/0/0
ge-0/0/3 ge-0/0/3
3.3.3.2 4.4.4.2 Branch-OfficeB3 ge-0/0/2
Branch-OfficeB2
inventory-serverB
TRUST
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: UTM and Screen Options Lab
Address Table
Central-OfficeA Cluster Branch-OfficeA2
Interface Address Zone VLAN Interface Address Zone VLAN
fxp0 (node 0) 10.210.xx.131/26 management ge-0/0/0.0 10.210.xx.133/26 management
fxp0 (node 1) 10.210.xx.132/26 management ge-0/0/3 3.3.3.2/24 UNTRUST
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/4 10.200.104.254/24 TRUST 104
ge-5/0/3 2.2.2.2/24 EXTERNAL ge-0/0/5 10.200.105.254/24 INTERNAL 105
reth0.101 10.200.101.254/24 EMPLOYEE 101 st0.0 172.20.101.2/24 VPN
reth1.102 10.200.102.254/24 DMZ 102
reth1.103 10.200.103.254/24 OPERATIONS 103 Hostname Host Address Host Zone VR Routing-Instance
st0.0 172.20.101.1/24 VPN hostA2-1 10.200.104.21 TRUST hostsA2
st0.1 172.21.101.1/24 VPN hostA2-2 10.200.104.22 TRUST hostsA2
gr-0/0/0.0 172.20.103.254/24 VPN internal-serverA 10.200.105.100 INTERNAL internal-serverA
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: UTM and Screen Options Lab
EMPLOYEE DMZ OPERATIONS
hostA1-1 hostA1-2 hostA1-3 file-serverA ops-serverA
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierA
gr-0/0/0
ge-0/0/3 ge-0/0/3
3.3.3.2 4.4.4.2 Branch-OfficeA3 ge-0/0/2
Branch-OfficeA2
inventory-serverA
TRUST
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group B: UTM and Screen Options Lab
EMPLOYEE DMZ OPERATIONS
hostB1-1 hostB1-2 hostB1-3 file-serverB ops-serverB
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierB
ge-0/0/3 ge-0/0/3 gr-0/0/0
3.3.3.2 4.4.4.2 Branch-OfficeB3 ge-0/0/2
Branch-OfficeB2
inventory-serverB
TRUST
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Extended Implementations Lab Task 1
Central-OfficeA Cluster Branch-OfficeA2
Interface Address Zone VLAN Interface Address Zone VLAN
fxp0 (node 0) 10.210.xx.131/26 management ge-0/0/0.0 10.210.xx.133/26 management
fxp0 (node 1) 10.210.xx.132/26 management ge-0/0/1 11.11.11.1/30 P2P
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/3 3.3.3.2/24 UNTRUST
ge-5/0/3 2.2.2.2/24 EXTERNAL ge-0/0/4 10.200.104.254/24 TRUST 104
reth0.101 10.200.101.254/24 EMPLOYEE 101 ge-0/0/5 10.200.105.254/24 INTERNAL 105
reth1.102 10.200.102.254/24 DMZ 102 st0.0 172.20.101.2/24 VPN
reth1.103 10.200.103.254/24 OPERATIONS 103
st0.0 172.20.101.1/24 VPN Hostname Host Address Host Zone VR Routing-Instance
st0.1 172.21.101.1/24 VPN hostA2-1 10.200.104.21 TRUST hostsA2
gr-0/0/0.0 172.20.103.254/24 VPN hostA2-2 10.200.104.22 TRUST hostsA2
internal-serverA 10.200.105.100 INTERNAL internal-serverA
Hostname Host Address Host Zone VR Routing-Instance
hostA1-1 10.200.101.11 EMPLOYEE hostsA1 WarehouseA
hostA1-2 10.200.101.12 EMPLOYEE hostsA1
Interface Address Zone VLAN
hostA1-3 10.200.101.13 EMPLOYEE hostsA1
ge-0/0/0 10.210.xx.141/26 management
file-serverA 10.200.102.100 DMZ file-serverA
ge-0/0/1 5.5.5.2/24 UNTRUST
ops-serverA 10.200.103.100 OPERATIONS ops-serverA
ge-0/0/2 10.200.107.254/24 TRUST
st0.0 172.21.101.2/24 VPN
6.6.6.1
ge-0/0/1
3.3.3.1 4.4.4.1ge-0/0/1 ge-0/0/1
6.6.6.2 SupplierA
gr-0/0/0
ge-0/0/3 ge-0/0/3
3.3.3.2 4.4.4.2 Branch-OfficeA3 ge-0/0/2
Branch-OfficeA2
inventory-serverA
TRUST
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group B: Extended Implementations Lab Task 1
EMPLOYEE DMZ OPERATIONS
hostB1-1 hostB1-2 hostB1-3 file-serverB ops-serverB Point-to-Point Connection
Device Interface Address
6.6.6.1
ge-0/0/1 3.3.3.1 4.4.4.1ge-0/0/1 ge-0/0/1
6.6.6.2 SupplierB
gr-0/0/0
ge-0/0/3 ge-0/0/3
3.3.3.2 4.4.4.2 Branch-OfficeB3 ge-0/0/2
Branch-OfficeB2
inventory-serverB
TRUST
Branch-OfficeA3 SupplierA
Interface Address Zone VLAN Interface Address Zone VLAN
ge-0/0/0 10.210.xx.143 management
ge-0/0/0 10.210.xx.134/26 management
ge-0/0/1 6.6.6.2/24 UNTRUST
ge-0/0/1 11.11.11.2/30 P2P ge-0/0/2 10.200.108.254/24 TRUST
ge-0/0/3 4.4.4.2/24 UNTRUST
Hostname Address Zone VR Routing-Instance
ge-0/0/4 10.200.101.254/24 TRUST 106
inventory-serverA 10.200.108.100 TRUST inventory-serverA
st0.0 unnumbered VPN
gr-0/0/0.0 172.20.103.1/24 VPN
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Extended Implementations Lab Tasks 24
EMPLOYEE DMZ OPERATIONS
hostA1-1 hostA1-2 hostA1-3 file-serverA ops-serverA
ge-0/0/4 ge-0/0/4
inventory-serverA
TRUST
mail-serverA hostA3-1
TRUST TRUST
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group B: Extended Implementations Lab Tasks 24
Central-OfficeB Cluster Branch-OfficeB2
Interface Address Zone VLAN Interface Address Zone VLAN
fxp0 (node 0) 10.210.xx.131/26 management ge-0/0/0 management 209
fxp0 (node 1) 10.210.xx.132/26 management ge-0/0/3 UNTRUST 209
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/4 TRUST 209
ge-5/0/3 2.2.2.2/24 EXTERNAL irb.0 10.210.xx.133/26
reth0.201 10.200.201.254/24 EMPLOYEE 201
reth1.202 10.200.202.254/24 DMZ 202 Hostname Host Address Host Zone VR Routing-Instance
reth1.203 10.200.203.254/24 OPERATIONS 203 mail-serverB 10.200.209.200 TRUST mail-serverB
st0.0 172.20.201.1/24 VPN
st0.1 172.21.201.1/24 VPN WarehouseB
gr-0/0/0.0 172.20.203.254/24 VPN Interface Address Zone VLAN
ge-0/0/0 10.210.xx.141/26 management
Hostname Host Address Host Zone VR Routing-Instance ge-0/0/1 5.5.5.2/24 UNTRUST
hostB1-1 10.200.201.11 EMPLOYEE hostsB1 ge-0/0/2 10.200.207.254/24 TRUST
hostB1-2 10.200.201.12 EMPLOYEE hostsB1
st0.0 172.21.201.2/24 VPN
hostB1-3 10.200.201.13 EMPLOYEE hostsB1
file-serverB 10.200.202.100 DMZ file-serverB
Hostname Address Zone VR Routing-Instance
ops-serverB 10.200.203.100 OPERATIONS ops-serverB Warehouse-serverB 10.200.207.100 TRUST warehouse-serverB
Branch-OfficeB3 SupplierB
Interface Address Zone VLAN Interface Address Zone VLAN
ge-0/0/0 10.210.xx.143 management
ge-0/0/0 10.210.xx.134/26 management
ge-0/0/1 6.6.6.2/24 UNTRUST
ge-0/0/1 11.11.11.2/30 P2P ge-0/0/2 10.200.208.254/24 TRUST
ge-0/0/3 4.4.4.2/24 UNTRUST
Hostname Address Zone VR Routing-Instance
ge-0/0/4 10.200.201.254/24 TRUST 206
inventory-serverB 10.200.208.100 TRUST inventory-serverB
st0.0 Unnumbered VPN
gr-0/0/0.0 172.20.203.1/24 VPN
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group B: Extended Implementations Lab Tasks 24
EMPLOYEE DMZ OPERATIONS
hostB1-1 hostB1-2 hostB1-3 file-serverB ops-serverB
ge-0/0/4 ge-0/0/4
inventory-serverB
TRUST
mail-serverB hostB3-1
TRUST TRUST
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net