服务名称自定义;如3389,传输协议.如选择TCP,源端口是任意的，也就是默认的。目的端口就是服务对应的端口，我们开的是Telnet3389端口,所以填3389-3389。然后点击ok保存Policy>PolicyEleoeBts>Services>CUSIM>EditSSgS-SCnalServiceTimeoutPolicy4ServicesJCustom【自定义的服务端口】«ServiceNameEnableSessionC>ch«JuniperNetScreen防火墙如何做VIP映射QUseprotocoldefault1、先看服务端口系统是否有预定义或者自己有添加：Policy-»Services-)>Predefined【系统预定义的服务端口】如果两个里面都没有需耍的服务端口，则PolicyServicesCustom[New]新建一个服务N«v«rP^IBCF>Policy>Sorvic«i>Cwitoessg5-senalIKlJunloer*匡SSG5-TransportProtocolawdParameters(^nbi|10MCe)SM«iQ4iCacWConBgufwCustom°1MinuteNo"try10Secondsr~Custoa_ServicesPredefinedtPoliciesConfSoctimyPolicyPc】o】icyElementsSunRPCllSRPCGTOUDS^IL.SchedulesTrafficList20■perpageNam«TransportProtocolandParametersTimeout(fnm|10*ec*)SessionC«ch«Conftgur«3389TCPsreport:0-65535.dstport:3389-338930gEditR«mov«2、配置VIP映射关系Network-》interfaces-》list然后选择你耍映射的unstrust的interface,如默认的入口ethernetO/O,点击对应的[Edit]Uet20♦p«rp•”进入interface编辑界面后，点击[vip]倉彳金therneioTo192JL68.253.200/24”Properties:BasicProxyAftPPhyMIPDIPVIPIGMP802.1X[RDPInterfaceNameethernetO/O8071・Xf2・・0・80ZoneNameUntrust▼这里先定义访问的外网IP,选择sameastheinterfaceipaddress就是以当前上网的ip作为访问地址。letvork>Interfaces:>Edit>VI?iServicesssg5-serialInterface:•th«rn«tO/O(IP/N«tmask:192・丄68.293.200/24)BxkTo•“LHProperties:ProxyARPPhyMIPDIPVIPIGMPMonitor802.1XIRDPVIPVIPS«rvk«sIPAddrestConfigureVirtualPortSendce(Port)ServerIPStatusConflgur*No"tryavailabl・Betverk>Iaterfaees(List)ssg5-senaluetALL(12)Hoae_ConfionNetworkDNSZones[nterfacesListBackup802,IXRoutingPPPDSCPS©UU■讥IFPolicyVP騎Objoc"ReportmNameTVF«UnkJPPPoCb^rgpO192.168.1.1/2^Trust3ywr3Up•th«rn«t0/2UpEditbQrouplO.O.O.O/OMunUnuB«dDownO.O.O.O/Oib^toup}0.60.30HullUAMMdDo^n•tMmetO/0192.1M.253.200.24UrvtrvstLAy«r3UpIO.O.O.O/ODMZL>y«r3Down♦th<m<t0/3O.O.O.O/OhullUnus«dDOIROEdit<th«en<t0/4O.O.O.CVOMuttUnuMdetMrnetO/SO.O.O.O/OHull辿•th«rn«t0/6O.O.O.O/OhullUnusedDownfjhj••n>K>/0O.O.O.O/OHunUnus«dvl>nlO.O.O.O/OWARUiy«r3■<tvork>Interfaces>Editssg5-serialBxicYo•“LiHwoLo“u*「J]TunnelIF▼Interface*VIPVIPServicesIPAddressConfigureVirtualPortS<rvic<(Port)ServerIPStatusConfigur*192.168.2S3.200RemoveNoentryavailable如果供应商有给多的ip,可以选择下面的virtualipaddress,然后填入ip地址即可填完后，点击【add】进行添加letvork>Interfaces>Edit>VIP/VIPServicesInterface:ethernetO/O(IP/Netmask:192.168.253.200/24)Properties:B“icProxyARPPhyMIPDIPVIPIGMPMonitor802』XIRDPVIPVIPServicesIPAddressConfigureVirtualPortService(Port)ServerIPStatusConfigure1192.168.253.200EditIRemoveNoentryavailable然后点击【newvipservice】进入映射操作阶段Interface!•thernetO/O(IP/N«tmask:192.168.233.200/24)ProperttettProxyARPPh#DIPVIPIG"Xo<moi>SOIXIRDPssg5-serialXoTIPS<rvxc<■•tvork>Interfaces>Edit>VIP/VIPServieesssg5-serialProperties:BasicProxyARPPhyMIPDIPVIPICMPMonitor802.1X1RDPB«ckToInterfaceIHtVirtualIPVirtualPortMaptoServiceMaptoIPServerAutoDetection192.16&253.200▼3339(338~[192168.1.10Enable*HIjBMICYOLetCttcel选择要映射的虚拟ip地址，就是刚才添加的，或者以前添加的，填写虚拟端口，比如3389.maptoservice就选择要映射的服务，就是第一步我们要添加的服务端口maptoip就是要映射的内网服务器地址。然后点击ok保存，这个时候映射操作完...