{"id":95,"date":"2021-02-05T21:05:09","date_gmt":"2021-02-05T12:05:09","guid":{"rendered":"https:\/\/blog.andount.com\/?p=95"},"modified":"2026-04-18T15:30:39","modified_gmt":"2026-04-18T06:30:39","slug":"juniper-netscreen25%e3%82%92pppoe%e3%81%a7%e7%b9%8b%e3%81%84%e3%81%a0%e6%99%82%e3%81%ae%e8%a8%98%e9%8c%b2","status":"publish","type":"post","link":"https:\/\/blog.andount.com\/index.php\/2021\/02\/05\/95\/","title":{"rendered":"Juniper Netscreen25\u3092PPPoE\u3067\u7e4b\u3044\u3060\u6642\u306e\u8a18\u9332"},"content":{"rendered":"\n<p>Juniper Netscreen25\u306fJuniper Networks\uff08\u65e7NetScreen Technologies\uff09\u88fd\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u3067\u3059\u3002\u30be\u30fc\u30f3\u30d9\u30fc\u30b9\u306e\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u30dd\u30ea\u30b7\u30fc\u304c\u7279\u5fb4\u3067\u3001Trust\u30fbUntrust\u30fbDMZ\u306e\u30be\u30fc\u30f3\u5206\u96e2\u3092\u76f4\u611f\u7684\u306b\u8a2d\u5b9a\u3067\u304d\u307e\u3059\u3002\u4eca\u56de\u306fPPPoE\u3067\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u63a5\u7d9a\u3092\u78ba\u7acb\u3057\u305f\u969b\u306e\u8a2d\u5b9a\u3092\u307e\u3068\u3081\u307e\u3059\u3002<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/blog.andount.com\/index.php\/2021\/02\/05\/95\/#%E7%92%B0%E5%A2%83%E3%83%BB%E6%A7%8B%E6%88%90\" >\u74b0\u5883\u30fb\u69cb\u6210<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/blog.andount.com\/index.php\/2021\/02\/05\/95\/#%E8%A8%AD%E5%AE%9A%E3%81%AE%E3%83%9D%E3%82%A4%E3%83%B3%E3%83%88\" >\u8a2d\u5b9a\u306e\u30dd\u30a4\u30f3\u30c8<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/blog.andount.com\/index.php\/2021\/02\/05\/95\/#%E8%A8%AD%E5%AE%9A%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB\" >\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E7%92%B0%E5%A2%83%E3%83%BB%E6%A7%8B%E6%88%90\"><\/span>\u74b0\u5883\u30fb\u69cb\u6210<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>ethernet1\uff08Trust\uff09<\/strong>\uff1a\u5185\u90e8LAN\uff08192.168.11.1\/24\u30fbDHCP\u30b5\u30fc\u30d0\u30fc\uff09<\/li><li><strong>ethernet2\uff08DMZ\uff09<\/strong>\uff1aDMZ\u30bb\u30b0\u30e1\u30f3\u30c8\uff08192.168.1.1\/24\uff09<\/li><li><strong>ethernet3\uff08Untrust\uff09<\/strong>\uff1aWAN\uff08PPPoE\u63a5\u7d9a\u30fbISP\u8a8d\u8a3c\uff09<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E8%A8%AD%E5%AE%9A%E3%81%AE%E3%83%9D%E3%82%A4%E3%83%B3%E3%83%88\"><\/span>\u8a2d\u5b9a\u306e\u30dd\u30a4\u30f3\u30c8<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>\u30be\u30fc\u30f3\u30d9\u30fc\u30b9\u30dd\u30ea\u30b7\u30fc<\/strong>\uff1aTrust\u2192Untrust\u9593\u3067\u5fc5\u8981\u306a\u30b5\u30fc\u30d3\u30b9\u306e\u307f\u8a31\u53ef\u3057\u3001\u305d\u306e\u4ed6\u306f\u6697\u9ed9Deny\u3067\u906e\u65ad\u3057\u307e\u3059<\/li><li><strong>\u30b9\u30af\u30ea\u30fc\u30f3\u6a5f\u80fd<\/strong>\uff1aUntrust\u30be\u30fc\u30f3\u3067tear-drop\u30fbsyn-flood\u30fbping-death\u7b49\u306e\u653b\u6483\u30d1\u30bf\u30fc\u30f3\u3092\u30d6\u30ed\u30c3\u30af\u3057\u307e\u3059<\/li><li><strong>PPPoE\u63a5\u7d9a<\/strong>\uff1aset pppoe name &#8220;Internet&#8221;\u3067ethernt3\u306bPPPoE\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u8a2d\u5b9a\u3057\u307e\u3059<\/li><li><strong>DHCP\u30b5\u30fc\u30d0\u30fc<\/strong>\uff1aethernet1\u4e0a\u3067DHCP\u3092\u52d5\u4f5c\u3055\u305bLAN\u5074\u7aef\u672b\u306bIP\u3092\u81ea\u52d5\u914d\u5e03\u3057\u307e\u3059<\/li><li><strong>NTP\u6642\u523b\u540c\u671f<\/strong>\uff1aNICT\u306e\u30bf\u30a4\u30e0\u30b5\u30fc\u30d0\u30fc\u3067\u6642\u523b\u540c\u671f\u3057\u307e\u3059<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E8%A8%AD%E5%AE%9A%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB\"><\/span>\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u4ee5\u4e0b\u306f\u5b9f\u969b\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3067\u3059\u3002\u30d1\u30b9\u30ef\u30fc\u30c9\u985e\u306f\u4f0f\u5b57\u306b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"language-text\">set clock dst-off\nset clock ntp\nset clock timezone 9\nset vrouter trust-vr sharable\nset vrouter &quot;untrust-vr&quot;\nexit\nset vrouter &quot;trust-vr&quot;\nunset auto-route-export\nexit\nset auth-server &quot;Local&quot; id 0\nset auth-server &quot;Local&quot; server-name &quot;Local&quot;\nset auth default auth server &quot;Local&quot;\nset auth radius accounting port 1646\nset admin name &quot;root&quot;\nset admin password &quot;*********************&quot;\nset admin manager-ip 192.168.11.0 255.255.255.0\nset admin auth timeout 10\nset admin auth server &quot;Local&quot;\nset admin format dos\nset zone &quot;Trust&quot; vrouter &quot;trust-vr&quot;\nset zone &quot;Untrust&quot; vrouter &quot;trust-vr&quot;\nset zone &quot;DMZ&quot; vrouter &quot;trust-vr&quot;\nset zone &quot;VLAN&quot; vrouter &quot;trust-vr&quot;\nset zone &quot;Untrust-Tun&quot; vrouter &quot;trust-vr&quot;\nset zone &quot;Trust&quot; tcp-rst \nset zone &quot;Untrust&quot; block \nunset zone &quot;Untrust&quot; tcp-rst \nset zone &quot;MGT&quot; block \nset zone &quot;DMZ&quot; tcp-rst \nset zone &quot;VLAN&quot; block \nunset zone &quot;VLAN&quot; tcp-rst \nset zone &quot;Untrust&quot; screen tear-drop\nset zone &quot;Untrust&quot; screen syn-flood\nset zone &quot;Untrust&quot; screen ping-death\nset zone &quot;Untrust&quot; screen ip-filter-src\nset zone &quot;Untrust&quot; screen land\nset zone &quot;V1-Untrust&quot; screen tear-drop\nset zone &quot;V1-Untrust&quot; screen syn-flood\nset zone &quot;V1-Untrust&quot; screen ping-death\nset zone &quot;V1-Untrust&quot; screen ip-filter-src\nset zone &quot;V1-Untrust&quot; screen land\nset interface &quot;ethernet1&quot; zone &quot;Trust&quot;\nset interface &quot;ethernet2&quot; zone &quot;DMZ&quot;\nset interface &quot;ethernet3&quot; zone &quot;Untrust&quot;\nunset interface vlan1 ip\nset interface ethernet1 ip 192.168.11.1\/24\nset interface ethernet1 nat\nset interface ethernet2 ip 192.168.1.1\/24\nset interface ethernet2 nat\nset interface ethernet3 route\nset interface &quot;ethernet1&quot; pmtu ipv4\nset interface &quot;ethernet2&quot; pmtu ipv4\nset interface &quot;ethernet3&quot; pmtu ipv4\nset interface ethernet1 proxy dns\nunset interface vlan1 bypass-others-ipsec\nunset interface vlan1 bypass-non-ip\nset interface ethernet1 ip manageable\nunset interface ethernet2 ip manageable\nset interface ethernet3 ip manageable\nset interface ethernet3 manage ping\nset interface ethernet1 dhcp server service\nset interface ethernet1 dhcp server enable\nset interface ethernet1 dhcp server option lease 1440 \nset interface ethernet1 dhcp server option gateway 192.168.11.1 \nset interface ethernet1 dhcp server option netmask 255.255.255.0 \nset interface ethernet1 dhcp server option dns1 129.250.35.250 \nset interface ethernet1 dhcp server option dns2 129.250.35.251 \nset interface ethernet1 dhcp server option wins1 192.168.11.1 \nset interface ethernet1 dhcp server ip 192.168.11.2 to 192.168.11.220 \nunset interface ethernet1 dhcp server config next-server-ip\nset interface ethernet1 route-deny\nset flow all-tcp-mss 1304\nunset flow no-tcp-seq-check\nset flow tcp-syn-check\nset hostname Firewall\nset pki authority default scep mode &quot;auto&quot;\nset pki x509 default cert-path partial\nset dns host dns1 0.0.0.0 src-interface ethernet3\nset dns host dns2 0.0.0.0\nset dns host dns3 0.0.0.0\nset ike respond-bad-spi 1\nunset ike ikeid-enumeration\nunset ike dos-protection\nunset ipsec access-session enable\nset ipsec access-session maximum 5000\nset ipsec access-session upper-threshold 0\nset ipsec access-session lower-threshold 0\nset ipsec access-session dead-p2-sa-timeout 0\nunset ipsec access-session log-error\nunset ipsec access-session info-exch-connected\nunset ipsec access-session use-error-log\nset url protocol websense\nexit\nset policy id 1 name &quot;Permit_Service&quot; from &quot;Trust&quot; to &quot;Untrust&quot;  &quot;Any&quot; &quot;Any&quot; &quot;DNS&quot; permit \nset policy id 1\nset service &quot;FTP&quot;\nset service &quot;HTTP&quot;\nset service &quot;HTTPS&quot;\nset service &quot;ICMP-ANY&quot;\nset service &quot;MAIL&quot;\nset service &quot;NTP&quot;\nset service &quot;PING&quot;\nset service &quot;POP3&quot;\nset service &quot;SIP&quot;\nset service &quot;SSH&quot;\nset service &quot;WHOIS&quot;\nexit\nset policy id 2 name &quot;Deny_All&quot; from &quot;Trust&quot; to &quot;Untrust&quot;  &quot;Any&quot; &quot;Any&quot; &quot;ANY&quot; deny \nset policy id 2\nexit\nset policy id 3 name &quot;Deny_All&quot; from &quot;Untrust&quot; to &quot;Trust&quot;  &quot;Any&quot; &quot;Any&quot; &quot;ANY&quot; deny \nset policy id 3\nexit\nset policy id 4 name &quot;DMZ_Rule&quot; from &quot;Untrust&quot; to &quot;DMZ&quot;  &quot;Any&quot; &quot;Any&quot; &quot;ANY&quot; permit \nset policy id 4\nexit\nset policy id 5 name &quot;DMZ_Rule&quot; from &quot;DMZ&quot; to &quot;Untrust&quot;  &quot;Any&quot; &quot;Any&quot; &quot;ANY&quot; permit \nset policy id 5\nexit\nset pppoe name &quot;Internet&quot;\nset pppoe name &quot;Internet&quot; username &quot;********&quot; password &quot;**********&quot;\nset pppoe name &quot;Internet&quot; interface ethernet3\nset pppoe name &quot;Internet&quot; clear-on-disconnect\nset nsmgmt bulkcli reboot-timeout 60\nset nsmgmt bulkcli reboot-wait 0\nset ssh version v2\nset config lock timeout 5\nset license-key auto-update\nset ntp server &quot;133.243.238.163&quot;\nset ntp server src-interface &quot;ethernet3&quot;\nset ntp server backup1 &quot;133.243.238.164&quot;\nset ntp server backup1 src-interface &quot;ethernet3&quot;\nset snmp port listen 161\nset snmp port trap 162\nset vrouter &quot;untrust-vr&quot;\nexit\nset vrouter &quot;trust-vr&quot;\nunset add-default-route\nexit\nset vrouter &quot;untrust-vr&quot;\nexit\nset vrouter &quot;trust-vr&quot;\nexit<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Juniper Netscreen25\u306fJuniper Networks\uff08\u65e7NetScreen Technologies\uff09\u88fd\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u3067\u3059\u3002\u30be\u30fc\u30f3\u30d9\u30fc\u30b9\u306e\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u30dd\u30ea\u30b7\u30fc\u304c\u7279\u5fb4\u3067\u3001Trust\u30fbU\u2026 <span class=\"read-more\"><a href=\"https:\/\/blog.andount.com\/index.php\/2021\/02\/05\/95\/\">\u7d9a\u304d\u3092\u8aad\u3080 &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-95","post","type-post","status-publish","format-standard","hentry","category-network"],"_links":{"self":[{"href":"https:\/\/blog.andount.com\/index.php\/wp-json\/wp\/v2\/posts\/95","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.andount.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.andount.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.andount.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.andount.com\/index.php\/wp-json\/wp\/v2\/comments?post=95"}],"version-history":[{"count":2,"href":"https:\/\/blog.andount.com\/index.php\/wp-json\/wp\/v2\/posts\/95\/revisions"}],"predecessor-version":[{"id":234,"href":"https:\/\/blog.andount.com\/index.php\/wp-json\/wp\/v2\/posts\/95\/revisions\/234"}],"wp:attachment":[{"href":"https:\/\/blog.andount.com\/index.php\/wp-json\/wp\/v2\/media?parent=95"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.andount.com\/index.php\/wp-json\/wp\/v2\/categories?post=95"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.andount.com\/index.php\/wp-json\/wp\/v2\/tags?post=95"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}