JUNIPER双机热备配置unset key protection enableset clock timezone 0set vrouter trust-vr sharableset vrouter "untrust-vr"exitset vrouter "trust-vr"unset auto-route-exportexitset alg appleichat enableunset alg appleichat re-assembly enableset alg sctp enableset auth-server "Local" id 0set auth-server "Local" server-name "Local" set auth default auth server "Local"set auth radius accounting port 1646set admin name "netscreen"set admin password "nM9dBJrVGrCEc3RGssLAgHAtesLken" set admin auth web timeout 10set admin auth server "Local"set admin format dosset zone "Trust" vrouter "trust-vr"set zone "Untrust" vrouter "trust-vr"set zone "DMZ" vrouter "trust-vr"set zone "VLAN" vrouter "trust-vr"set zone "Untrust-Tun" vrouter "trust-vr"set zone "Trust" tcp-rstset zone "Untrust" blockunset zone "Untrust" tcp-rstset zone "MGT" blockunset zone "V1-Trust" tcp-rstunset zone "V1-Untrust" tcp-rstset zone "DMZ" tcp-rstunset zone "V1-DMZ" tcp-rstunset zone "VLAN" tcp-rstset zone "Trust" screen icmp-floodset zone "Trust" screen udp-floodset zone "Trust" screen winnukeset zone "Trust" screen port-scanset zone "Trust" screen ip-sweepset zone "Trust" screen tear-dropset zone "Trust" screen syn-floodset zone "Trust" screen ip-spoofingset zone "Trust" screen ping-deathset zone "Trust" screen landset zone "Trust" screen icmp-fragmentset zone "Trust" screen icmp-largeset zone "Trust" screen syn-ack-ack-proxyset zone "Trust" screen icmp-idset zone "Trust" screen tcp-sweepset zone "Trust" screen udp-sweepset zone "Untrust" screen icmp-floodset zone "Untrust" screen udp-floodset zone "Untrust" screen tear-dropset zone "Untrust" screen syn-floodset zone "Untrust" screen ping-deathset zone "Untrust" screen ip-filter-srcset zone "Untrust" screen landset zone "V1-Untrust" screen tear-dropset zone "V1-Untrust" screen syn-floodset zone "V1-Untrust" screen ping-deathset zone "V1-Untrust" screen ip-filter-srcset zone "V1-Untrust" screen landset interface id 80 "redundant1" zone "Untrust" set interface "ethernet0/0" zone "MGT"set interface "ethernet0/1" zone "Trust"set interface "ethernet0/2" zone "Trust"set interface "ethernet0/8" zone "HA"set interface "ethernet0/9" zone "HA"set interface ethernet0/3 group redundant1set interface ethernet0/0 ip 192.168.1.1/24set interface ethernet0/0 natunset interface vlan1 ipset interface ethernet0/1 ip 10.31.0.9/29set interface ethernet0/1 natset interface ethernet0/2 ip 10.31.0.25/29set interface ethernet0/2 natset interface redundant1 ip 10.31.0.4/29set interface redundant1 routeunset interface vlan1 bypass-others-ipsecunset interface vlan1 bypass-non-ipset interface redundant1 manage-ip 10.31.0.5set interface ethernet0/1 ip manageableset interface ethernet0/2 ip manageableset interface redundant1 ip manageableunset interface ethernet0/1 manage sshunset interface ethernet0/1 manage telnetunset interface ethernet0/1 manage snmp unset interface ethernet0/1 manage sslunset interface ethernet0/1 manage webunset interface ethernet0/2 manage sshunset interface ethernet0/2 manage telnetunset interface ethernet0/2 manage snmpunset interface ethernet0/2 manage sslunset interface ethernet0/2 manage webset interface ethernet0/3 manage pingset interface redundant1 manage pingunset flow no-tcp-seq-checkset flow tcp-syn-checkunset flow tcp-syn-bit-checkset flow reverse-route clear-text preferset flow reverse-route tunnel alwaysset pki authority default scep mode "auto"set pki x509 default cert-path partialset nsrp cluster id 1set nsrp cluster name tyhyqhset nsrp rto-mirror syncset nsrp rto-mirror routeset nsrp vsd-group id 0 priority 100set nsrp monitor interface ethernet0/1set nsrp monitor interface ethernet0/2set nsrp monitor interface ethernet0/3set crypto-policyexitset ike respond-bad-spi 1set ike ikev2 ike-sa-soft-lifetime 60unset ike ikeid-enumerationunset ike dos-protectionunset ipsec access-session enableset ipsec access-session maximum 5000set ipsec access-session upper-threshold 0set ipsec access-session lower-threshold 0set ipsec access-session dead-p2-sa-timeout 0unset ipsec access-session log-errorunset ipsec access-session info-exch-connectedunset ipsec access-session use-error-logset vrouter "untrust-vr"exitset vrouter "trust-vr"exitset url protocol websenseexitset policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit logset policy id 1exitset nsmgmt bulkcli reboot-timeout 60set ssh version v2set config lock timeout 5unset license-key auto-updateset telnet client enableset snmp port listen 161set snmp port trap 162set vrouter "untrust-vr"exitset vrouter "trust-vr"unset add-default-routeset route 0.0.0.0/0 interface redundant1 gateway 10.31.0.1set route 10.31.1.0/24 interface ethernet0/1 gateway 10.31.0.13set route 10.31.2.0/24 interface ethernet0/2 gateway 10.31.0.26set route 10.31.1.0/24 interface ethernet0/2 gateway 10.31.0.26 metric 10set route 10.31.2.0/24 interface ethernet0/1 gateway 10.31.0.13 metric 10exitset vrouter "untrust-vr"exitset vrouter "trust-vr"exit。