1. Basic policy configuration
Juniper SSG:
set policy id 11 from "Untrust" to "Trust" "Any" "Any" "tcp3389" deny log
set policy id 11
set log session-init
exit
Hillstone:
rule id 1
  action deny
  log policy-deny
  src-zone "untrust"
  dst-zone "trust"
  src-addr "Any"
  dst-addr "Any"
  service "tcp3389"
exit
2. Policies associated with a policy-based VPN:
Juniper SSG:
set policy id 9 from "Untrust" to "Trust" "KunShan" "SuZhou" "ANY" tunnel vpn "KunShan" id 0x34 pair-policy 10 log
set policy id 9
set log session-init
exit
set policy id 10 from "Trust" to "Untrust" "SuZhou" "KunShan" "ANY" tunnel vpn "KunShan" id 0x34 pair-policy 9 log
set policy id 10
set log session-init
exit
Hillstone:
rule id 33
  action tunnel "KunShan"
  src-zone "trust"
  dst-zone "untrust"
  src-addr "SuZhou"
  dst-addr "KunShan"
  service "Any"
exit
rule id 34
  action fromtunnel "KunShan"
  src-zone "untrust"
  dst-zone "trust"
  src-addr "KunShan"
  dst-addr "SuZhou"
  service "Any"
exit
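
An added example (not from the original page or from either vendor): a small Python converter that turns the ScreenOS policy lines above into the matching Hillstone rule blocks and checks that the two VPN policies reference and mirror each other. The function names, the egress_zone parameter and passing the Hillstone rule id in by hand are assumptions; only the deny and tunnel vpn forms shown on this page are handled.

```python
import shlex

# ScreenOS policy lines copied from the page above.
SSG_LINES = [
    'set policy id 11 from "Untrust" to "Trust" "Any" "Any" "tcp3389" deny log',
    'set policy id 9 from "Untrust" to "Trust" "KunShan" "SuZhou" "ANY" '
    'tunnel vpn "KunShan" id 0x34 pair-policy 10 log',
    'set policy id 10 from "Trust" to "Untrust" "SuZhou" "KunShan" "ANY" '
    'tunnel vpn "KunShan" id 0x34 pair-policy 9 log',
]

def parse_ssg_policy(line):
    """Parse a 'set policy id N from ... to ...' definition into a dict."""
    t = shlex.split(line)
    if len(t) < 12 or t[:3] != ["set", "policy", "id"] or (t[4], t[6]) != ("from", "to"):
        raise ValueError("not a policy definition: " + line)
    pol = {"id": int(t[3]), "src_zone": t[5], "dst_zone": t[7], "src_addr": t[8],
           "dst_addr": t[9], "service": t[10], "action": t[11],
           "vpn": None, "pair": None, "log": t[-1] == "log"}
    if pol["action"] == "tunnel":
        if len(t) < 14 or t[12] != "vpn":
            raise ValueError("only 'tunnel vpn <name>' is handled: " + line)
        pol["vpn"] = t[13]
        if "pair-policy" in t[14:]:
            pol["pair"] = int(t[t.index("pair-policy", 14) + 1])
    return pol

def is_mirrored_pair(a, b):
    """True if two tunnel policies reference each other and mirror zones/addresses."""
    return (a["pair"] == b["id"] and b["pair"] == a["id"] and a["vpn"] == b["vpn"]
            and (a["src_zone"], a["dst_zone"]) == (b["dst_zone"], b["src_zone"])
            and (a["src_addr"], a["dst_addr"]) == (b["dst_addr"], b["src_addr"]))

def to_hillstone(pol, rule_id, egress_zone="untrust"):
    """Render a Hillstone rule block; egress_zone (assumed) is where the tunnel leaves."""
    fix = lambda v: "Any" if v.lower() == "any" else v  # page writes "Any" on Hillstone
    src, dst = pol["src_zone"].lower(), pol["dst_zone"].lower()
    if pol["action"] == "deny":
        body = ["action deny"] + (["log policy-deny"] if pol["log"] else [])
    elif pol["action"] == "tunnel":  # page shows no log line on tunnel rules
        verb = "tunnel" if dst == egress_zone else "fromtunnel"
        body = ['action %s "%s"' % (verb, pol["vpn"])]
    else:
        raise ValueError("action not shown on the page: " + pol["action"])
    body += ['src-zone "%s"' % src, 'dst-zone "%s"' % dst,
             'src-addr "%s"' % fix(pol["src_addr"]),
             'dst-addr "%s"' % fix(pol["dst_addr"]), 'service "%s"' % fix(pol["service"])]
    return ["rule id %d" % rule_id] + ["  " + l for l in body] + ["exit"]
```

Calling to_hillstone(parse_ssg_policy(line), rule_id) on the three lines with rule ids 1, 34 and 33 reproduces the Hillstone blocks shown on this page.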