




Huawei USG5500 Firewall Configuration Lab

1. Lab topology

Internal network: 192.168.0.0/24
External network: 192.168.1.0/24
The other device addresses are planned as shown in the figure. Build the network according to the topology diagram and configure the device addresses.

2. Configuration commands

AR1:

system-view
[Huawei]sysname AR1
[AR1]interface g0/0/0
[AR1-GigabitEthernet0/0/0]ip address 192.168.0.150 24
[AR1-GigabitEthernet0/0/0]quit    (exit)
[AR1]ip route-static 0.0.0.0 0.0.0.0 192.168.0.1    (configure the default route)

Enable the Telnet service on AR1:

[AR1]user-interface vty 0 4    (open the remote VTY lines)
[AR1-ui-vty0-4]authentication-mode password    (the authentication mode is password)
Please configure the login password (maximum length 16):888    (login password)
[AR1-ui-vty0-4]user privilege level 3    (set the user level)
[AR1-ui-vty0-4]

AR2 (or PC2):

system-view
[Huawei]sysname AR2
[AR2]interface g0/0/0
[AR2-GigabitEthernet0/0/0]ip address 192.168.1.150 24
[AR2-GigabitEthernet0/0/0]q
[AR2]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1

Configure Telnet on AR2:

[AR2]user-interface vty 0 4
[AR2-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):666
[AR2-ui-vty0-4]set authentication password cipher 666
[AR2-ui-vty0-4]user privilege level 3
[AR2-ui-vty0-4]q

Firewall configuration:

The device is running!
system-view
[SRG]sysname FW1
[FW1]interface g0/0/0
[FW1-GigabitEthernet0/0/0]ip add 192.168.0.1 24
Warning: Address already exists!    (the default interface address already exists; this can be ignored)
[FW1-GigabitEthernet0/0/0]q
[FW1]interface g0/0/1
[FW1-GigabitEthernet0/0/1]ip add 192.168.1.1 24
[FW1-GigabitEthernet0/0/1]q
[FW1]display zone    (show the zone configuration)
local
 priority is 100
#
trust
 priority is 85
 interface of the zone is (1):
    GigabitEthernet0/0/0
#
untrust
 priority is 5
 interface of the zone is (0):
#
dmz
 priority is 50
 interface of the zone is (0):
#
[FW1]
[FW1]firewall zone name outside    (create a zone named outside)
[FW1-zone-outside]set priority 30    (set the security level to 30)
[FW1-zone-outside]q
[FW1]firewall zone name inside
[FW1-zone-inside]set priority 90
[FW1-zone-inside]q
[FW1]display zone
[FW1]firewall zone outside    (enter the outside zone)
[FW1-zone-outside]add interface GigabitEthernet 0/0/1    (add interface g0/0/1 to this zone)
[FW1-zone-outside]display this    (show the current configuration)
#
firewall zone name outside
 set priority 30
 add interface GigabitEthernet0/0/1
#
return
[FW1-zone-outside]q
[FW1]display policy all    (view the policies)
policy zone local
#
policy zone trust
#
policy zone untrust
#
policy zone dmz
#
policy zone outside
#
policy zone inside
#
policy interzone local trust inbound
 firewall default packet-filter is permit
#
policy interzone local trust outbound
 firewall default packet-filter is permit
#
policy interzone local untrust inbound
 firewall default packet-filter is deny
#
policy interzone local untrust outbound
 firewall default packet-filter is permit
#
policy interzone local dmz inbound
 firewall default packet-filter is deny
#
policy interzone local dmz outbound
 firewall default packet-filter is permit
#
policy interzone local outside inbound
 firewall default packet-filter is deny
#
policy interzone local outside outbound
 firewall default packet-filter is permit
#
policy interzone local inside inbound
 firewall default packet-filter is deny
#
policy interzone local inside outbound
 firewall default packet-filter is permit
#
policy interzone trust untrust inbound
 firewall default packet-filter is deny
#
policy interzone trust untrust outbound
 firewall default packet-filter is deny
#
policy interzone trust dmz inbound
 firewall default packet-filter is deny
#
policy interzone trust dmz outbound
 firewall default packet-filter is deny
#
policy interzone trust outside inbound
 firewall default packet-filter is deny
#
policy interzone trust outside outbound
 firewall default packet-filter is deny
#
policy interzone inside trust inbound
 firewall default packet-filter is deny
#
policy interzone inside trust outbound
 firewall default packet-filter is deny
#
policy interzone dmz untrust inbound
 firewall default packet-filter is deny
#
policy interzone dmz untrust outbound
 firewall default packet-filter is deny
#
policy interzone outside untrust inbound
 firewall default packet-filter is deny
#
policy interzone outside untrust outbound
 firewall default packet-filter is deny
#
policy interzone inside untrust inbound
 firewall default packet-filter is deny
#
policy interzone inside untrust outbound
 firewall default packet-filter is deny
#
policy interzone dmz outside inbound
 firewall default packet-filter is deny
#
policy interzone dmz outside outbound
 firewall default packet-filter is deny
#
policy interzone inside dmz inbound
 firewall default packet-filter is deny
#
policy interzone inside dmz outbound
 firewall default packet-filter is deny
#
policy interzone inside outside inbound
 firewall default packet-filter is deny
#
policy interzone inside outside outbound
 firewall default packet-filter is deny
#
[FW1]

Create a policy to permit outbound traffic:

[FW1]policy interzone trust outside outbound    (define the outbound traffic)
[FW1-policy-interzone-trust-outside-outbound]policy 1
[FW1-policy-interzone-trust-outside-outbound-1]policy source 192.168.0.150 0
01:27:13 2016/11/15
[FW1-policy-interzone-trust-outside-outbound-1]policy destination any
01:27:25 2016/11/15
[FW1-policy-interzone-trust-outside-outbound-1]action permit
01:27:34 2016/11/15
[FW1-policy-interzone-trust-outside-outbound-1]q
01:27:37 2016/11/15
[FW1-policy-interzone-trust-outside-outbound]q
01:27:38 2016/11/15
[FW1]display policy interzone trust outside outbound
01:27:55 2016/11/15
policy interzone trust outside outbound
 firewall default packet-filter is deny
 policy 1 (0 times matched)
  action permit
  policy service service-set ip
  policy source 192.168.0.0 mask 255.255.255.0
  policy source 192.168.0.150 0
  policy destination any

[FW1]firewall packet-filter default permit interzone trust outside
Warning:Setting the default packet filtering to permit poses security risks. You are advised to configure the security policy based on the actual data flows. Are you sure you want to continue?[Y/N]y
[FW1]display policy interzone trust outside outbound
01:28:23 2016/11/15
policy interzone trust outside outbound
 firewall default packet-filter is permit
 policy 1 (0 times matched)
  action permit
  policy service service-set ip
  policy source 192.168.0.0 mask 255.255.255.0
  policy source 192.168.0.150 0
  policy destination any

Restore the default value, deny:

[FW1]firewall packet-filter default deny interzone trust outside
[FW1]display policy interzone trust outside outbound
01:32:06 2016/11/15
policy interzone trust outside outbound
 firewall default packet-filter is deny
 policy 1 (0 times matched)
  action permit
  policy service service-set ip
  policy source 192.168.0.0 mask 255.255.255.0
  policy source 192.168.0.150 0
  policy destination any

After using the internal-network router to Telnet to AR2, the login succeeds. View the session state on the firewall:

[FW1]display firewall session table verbose
00:58:32 2016/11/15
Current Total Sessions : 2
 telnet VPN:public - public
 Zone: trust- outside TTL: 00