Fundamentos Ce v2 Sp

download Fundamentos Ce v2 Sp

of 280

  • date post

    27-Feb-2018
  • Category

    Documents

  • view

    214
  • download

    0

Embed Size (px)

Transcript of Fundamentos Ce v2 Sp

  • 7/25/2019 Fundamentos Ce v2 Sp

    1/280

    Juniper Networks, Inc.

    1194 North Mathilda Avenue

    Sunnyvale, CA 94089

    USA

    408-745-2000

    www.juniper.net

    Nmero de pieza: 093-1660-000-SP, Revisin B

    Concepts & ExamplesScreenOS Reference Guide

    Volumen 2:

    Fundamentos

    Versin 5.3.0, Rev. B

  • 7/25/2019 Fundamentos Ce v2 Sp

    2/280

    ii

    Copyright Notice

    Copyright 2005 Juniper Networks, Inc. All rights reserved.

    Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All othertrademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective

    owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or forany obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publicationwithout notice.

    FCC Statement

    The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class Adigital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when theequipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed andused in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residentialarea is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

    The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequencyenergy. If it is not installed in accordance with Juniper Networks installation instructions, it may cause interference with radio and television reception.This equipment has been tested and found to comply with the limits for a Class B digi tal device in accordance with the specifications in part 15 of the FCCrules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is noguarantee that interference will not occur in a particular installation.

    If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the useris encouraged to try to correct the interference by one or more of the following measures:

    Reorient or relocate the receiving antenna.

    Increase the separation between the equipment and receiver.

    Consult the dealer or an experienced radio/TV technician for help.

    Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

    Caution:Changes or modifications to this product could void the user's warranty and authority to operate this device.

    Disclaimer

    THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPEDWITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITEDWARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.

    Writers: Anita Davey, Carrie Nowocin, Jozef Wroblewski

    Editor: Lisa Eldridge

  • 7/25/2019 Fundamentos Ce v2 Sp

    3/280

    Contenido ii

    Contenido

    Acerca de este volumen ix

    Convenciones del documento ..........................................................................xConvenciones de la interfaz de lnea de comandos (CLI) ...........................xConvenciones para las ilustraciones .........................................................xiConvenciones de nomenclatura y conjuntos de caracteres......................xiiConvenciones de la interfaz grfica (WebUI) .......................................... xiii

    Documentacin de Juniper Networks............................................................ xiv

    Captulo 1 Arquitectura de ScreenOS 1

    Zonas de seguridad..........................................................................................2Interfaces de zonas de seguridad .....................................................................3

    Interfaces fsicas........................................................................................3Subinterfaces.............................................................................................4

    Enrutadores virtuales .......................................................................................4Directivas.........................................................................................................5Redes privadas virtuales...................................................................................7Sistemas virtuales ..........................................................................................10Secuencia de flujo de paquetes ......................................................................11

    Ejemplo: (Parte 1) Empresa con seis zonas..............................................14

    Ejemplo: (Parte 2) Interfaces para seis zonas...........................................16Ejemplo: (Parte 3) Dos dominios de enrutamiento ..................................18Ejemplo: (Parte 4) Directivas ...................................................................20

    Captulo 2 Zonas 25

    Visualizar las zonas preconfiguradas ..............................................................26Zonas de seguridad........................................................................................28

    Zona Global .............................................................................................28Opciones SCREEN ...................................................................................28

    Enlazar una interfaz de tnel a una zona de tnel..........................................28Configuracin de zonas de seguridad y zonas de tnel ..................................30

    Crear una zona........................................................................................30Modificar una zona..................................................................................31Eliminar una zona ...................................................................................32

    Zonas de funcin ...........................................................................................32Zona Null.................................................................................................32Zona MGT................................................................................................32Zona HA ..................................................................................................33Zona de registro propio ...........................................................................33Zona VLAN ..............................................................................................33

    Modos de puerto............................................................................................33Modo Trust-Untrust..................................................................................34Modo Home-Work ...................................................................................35Modo Dual Untrust ..................................................................................36

  • 7/25/2019 Fundamentos Ce v2 Sp

    4/280

    iv Contenido

    Concepts & Examples ScreenOS Reference Guide (Manual de referencia de ScreenOS: conceptos y ejemplos)

    Modo combinado ....................................................................................37Modo Trust/Untrust/DMZ (extendido) ......................................................38Modo DMZ/Dual Untrust..........................................................................38Modo Dual DMZ ......................................................................................39

    Establecer los modos de puertos....................................................................40Ejemplo: Modo de puerto Home-Work..............................................40

    Zonas en los modos Home-Work y Combined Port .................................41Ejemplo: Zonas Home-Work .............................................................42

    Captulo 3 Interfaces 45

    Tipos de interfaces.........................................................................................45Interfaces de la zona de seguridad...........................................................45

    Interfaces fsicas ...............................................................................45Subinterfaces ....................................................................................46Interfaces agregadas .........................................................................46Interfaces redundantes......................................................................46

    Interfaces de seguridad virtuales.......................................................47Interfaces de zonas de funcin ................................................................47Interfaces de administracin.............................................................47Interfaces de alta disponibilidad........................................................47

    Interfaces de tnel...................................................................................48Eliminar interfaces de tnel ..............................................................51

    Vis