華為USG5500防火墻配置實驗一_第1頁
華為USG5500防火墻配置實驗一_第2頁
華為USG5500防火墻配置實驗一_第3頁
華為USG5500防火墻配置實驗一_第4頁
華為USG5500防火墻配置實驗一_第5頁
已閱讀5頁,還剩3頁未讀, 繼續(xù)免費閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進行舉報或認領(lǐng)

文檔簡介

1、配置默認路由華為USG5500防火墻配置實驗1、實驗拓撲內(nèi)網(wǎng):192.168.0.0/24外網(wǎng):192.168.1.0/24其他設(shè)備地址規(guī)劃如圖,按照拓撲圖搭建網(wǎng)絡(luò),并配置設(shè)備地址2、具體配置命令A(yù)R1system-viewHuaweisys name AR1AR1i nteface g0/0/0AR1-GigabitEther netO/O/Oip address 192.168.0.150 24 AR1-GigabitEthernet0/0/0quit退岀AR1ip route-static 0.0.0.0 0.0.0.0 192.168.0.1AR1開啟Tel net 服務(wù)AR1user

2、-i nteface vty 0 4開啟遠程線程AR1-ui-vty0-4auAR1-ui-vty0-4authentication-mode password認證方式為 passwordPlease con figure the logi n password (maximum len gth 16):888登錄密碼AR1-ui-vty0-4user privilege level 3設(shè)置用戶等級AR1-ui-vty0-4AR2system-viewHuaweisys name AR2AR2i nteface g0/0/0PC2或者AR2-GigabitEthernet0/0/0ip add

3、AR2-GigabitEthernet0/0/0ip address 192.168.1.150 24 AR2-GigabitEthernet0/0/0qAR1ip route-static 0.0.0.0 0.0.0.0 192.168.1.1AR2 配置 Tel netAR2usAR2user-interface vAR2user-interface vty 0 4AR2-ui-vty0-4auAR2-ui-vty0-4authentication-mode p AR2-ui-vty0-4authentication-mode passwordPlease configure the lo

4、gin password (maximum length 16):666AR2-ui-vty0-4set authentication password cipher 666AR2-ui-vty0-4user privilege level 3AR2-ui-vty0-4q防火墻配置:The device is running!system-viewSRGsysname FW1FW1interface g0/0/0FW1-GigabitEthernet0/0/0ip add 192.168.0.1 24Warning: Address already exists!默認接口地址已經(jīng)存在,不用管F

5、W1-GigabitEthernet0/0/0qFW1interface g0/0/1FW1-GigabitEthernet0/0/1ip add 192.168.1.1 24 FW1-GigabitEthernet0/0/1qFW1display zone顯示區(qū)域配置localpriority is 100#trustpriority is 85interface of the zone is (1):GigabitEthernet0/0/0#untrustpriority is 5interface of the zone is (0):#dmzpriority is 50interfac

6、e of the zone is (0):FW1FW1firewall zone name outside FW1-zone-outsideset priority 30 FW1-zone-outsideq FW1firewall zone name inside FW1-zone-insideset priority 90創(chuàng)建一個名字為設(shè)置安全等級為outside 的區(qū)域30FW1-zone-insideqFW1display zoneFW1firewall zone outside 進入 outside 區(qū)域 FW1-zone-outsideadd interface GigabitEth

7、ernet 0/0/1,把接口 g0/0/1接入該區(qū)域FW1-zone-outsidedisplay this顯示當(dāng)前的配置firewall zone name outsideset priority 30add interface GigabitEthernet0/0/1 #return FW1-zone-outsideq FW1display policy all policy zone local#policy zone trust#查看策略policy zone untrust#policy zone dmz#policy zone outside#policy zone inside

8、#policy interzone local trust inbound firewall default packet-filter is permit #policy interzone local trust outbound firewall default packet-filter is permit #policy interzone local untrust inbound firewall default packet-filter is deny#policy interzone local untrust outbound firewall default packe

9、t-filter is permit #policy interzone local dmz inbound firewall default packet-filter is deny#policy interzone local dmz outbound firewall default packet-filter is permit#policy interzone local outside inbound firewall default packet-filter is deny #policy interzone local outside outbound firewall d

10、efault packet-filter is permit#policy interzone local inside inbound firewall default packet-filter is deny#policy interzone local inside outbound firewall default packet-filter is permit#policy interzone trust untrust inbound firewall default packet-filter is deny #policy interzone trust untrust ou

11、tbound firewall default packet-filter is deny #policy interzone trust dmz inbound firewall default packet-filter is deny#policy interzone trust dmz outbound firewall default packet-filter is deny#policy interzone trust outside inbound firewall default packet-filter is deny#policy interzone trust out

12、side outbound firewall default packet-filter is deny#policy interzone inside trust inbound firewall default packet-filter is deny#policy interzone inside trust outbound firewall default packet-filter is deny定義 outbound流量#policy interzone dmz untrust inboundfirewall default packet-filter is deny#poli

13、cy interzone dmz untrust outboundfirewall default packet-filter is deny#policy interzone outside untrust inboundfirewall default packet-filter is deny#policy interzone outside untrust outboundfirewall default packet-filter is deny#policy interzone inside untrust inboundfirewall default packet-filter

14、 is deny#policy interzone inside untrust outboundfirewall default packet-filter is deny#policy interzone dmz outside inboundfirewall default packet-filter is deny#policy interzone dmz outside outboundfirewall default packet-filter is deny#policy interzone inside dmz inboundfirewall default packet-fi

15、lter is deny#policy interzone inside dmz outboundfirewall default packet-filter is deny#policy interzone inside outside inboundfirewall default packet-filter is deny#policy interzone inside outside outboundfirewall default packet-filter is deny#FW1創(chuàng)建策略放行 outbound 流量FW1policy interzone trust outside

16、outbound FW1-policy-interzone-trust-outside-outboundpoli FW1-policy-interzone-trust-outside-outboundpolicy 1 FW1-policy-interzone-trust-outside-outbound-1poli FW1-policy-interzone-trust-outside-outbound-1policy soFW1-policy-interzone-trust-outside-outbound-1policy source192.168.0.150 001:27:13 2016/

17、11/15FW1-policy-interzone-trust-outside-outbound-1poliFW1-policy-interzone-trust-outside-outbound-1policy deFW1-policy-interzone-trust-outside-outbound-1policy destination any 01:27:25 2016/11/15FW1-policy-interzone-trust-outside-outbound-1acFW1-policy-interzone-trust-outside-outbound-1action pFW1-p

18、olicy-interzone-trust-outside-outbound-1action permit01:27:34 2016/11/15FW1-policy-interzone-trust-outside-outbound-1FW1-policy-interzone-trust-outside-outbound-1q01:27:37 2016/11/15FW1-policy-interzone-trust-outside-outboundFW1-policy-interzone-trust-outside-outboundq01:27:38 2016/11/15FW1FW1FW1dis

19、FW1display poFW1display poliFW1display policy iFW1display policy interzone tFW1display policy interzone trust oFW1display policy interzone trust outside outbound01:27:55 2016/11/15policy interzone trust outside outboundfirewall default packet-filter is denypolicy 1 (0 times matched)action permitpoli

20、cy service service-set ippolicy source 192.168.0.0 mask 255.255.255.0policy source 192.168.0.150 0policy destination anyFW1firewall packet-filter default permit interzone trust outsideWarning:Setting the default packet filtering to permit poses security risks. Youare advised to configure the securit

21、y policy based on the actual data flows. Are you sure you want to continue?Y/NyFW1disFW1display policy interzone trust outside outbound01:28:23 2016/11/15policy interzone trust outside outboundfirewall default packet-filter is permit policy 1 (0 times matched)action permitpolicy service service-set

22、ippolicy source 192.168.0.0 mask 255.255.255.0policy source 192.168.0.150 0policy destination any恢復(fù)默認值 denyFW1firewall packet-filter default deny interzone trust outside FW1display policy interzone trust outside outbound 01:32:06 2016/11/15policy interzone trust outside outboundfirewall default pack

23、et-filter is denypolicy 1 (0 times matched)action permitpolicy service service-set ippolicy source 192.168.0.0 mask 255.255.255.0policy source 192.168.0.150 0policy destination any用內(nèi)網(wǎng)的路由 Telnet AR2 后,可以登錄 在防火墻查看會話狀態(tài)FW1display firewall session table verbose00:58:32 2016/11/15Current Total Sessions : 2telnet VPN:public - publicZone: trust- outside TTL: 00

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準確性、安全性和完整性, 同時也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

最新文檔

評論

0/150

提交評論