配置防火墻混合模式

1、如何配置防火墻混合工作模式案例一,:+注：缺省訪問(wèn)權(quán)限都允許的情況下，完成如下的配置即可具體的訪問(wèn)控制配置過(guò)程參考訪問(wèn)控制操作篇此環(huán)境中由路由器完成NAT （源地址轉(zhuǎn)換）功能以實(shí)現(xiàn)共享上網(wǎng)+配置相應(yīng)網(wǎng)口的工作模式以及IP地址TopsecOS# network interface eth0 no switchportTopsecOS# network interface eth0 ip add 192.168.7.165 mask 255.255.255.0TopsecOS# network interface eth0 no shutdownTopsecOS# network interfac

2、e eth1 switchportTopsecOS# network interface eth1 switchport mode accessTopsecOS# network interface eth1 switchport access-vlan 1TopsecOS# network interface eth1 no shutdownTopsecOS# network interface eth2 switchportTopsecOS# network interface eth2 switchport mode accessTopsecOS# network interface e

3、th2 switchport access-vlan 1TopsecOS# network interface eth2 no shutdown靖口描述模式地址變換屬性MTU狀態(tài)詢(xún)商速度路由ethOintranet 路由 192.1&8.7.165/255.255.255.015啟用 uto autcethl internet 換accessl：15啟用,auto autc囹eth2ssnaccessl：15啟用 JUto autc摟口信息配置完畢t但摟口信息配置完畢-0網(wǎng)洛卜口物理而 VLANi靜態(tài)瞄由| |動(dòng)態(tài)路由: CDP| ARP表|雄匚裹|- 名播TopsecOS# network

4、vlan add id 1TopsecOS# network interface vlan.1 ip add 10.1.1.1 mask 255.255.255.0TopsecOS# network interface vlan.1 no shutdownA|9UO 匚丑蜻耳Arvnm Ifdin岸翠與是曜口梆押堤首幽訥冊(cè)1梏迥期屋志輯耳:bASl o幽訥冊(cè)1梏迥期屋志輯耳:bASl o CS1 O 至舶*|郵曜匚Efe門(mén)鄂翠眨甲|逾翠區(qū)甲| ArvnI押皤援口-“O網(wǎng)祝| 0渙添加/朋除配置| 停加ULAhJI: 1涂加UL邸J范圍冊(cè)臆VLAhJ范圍注意:VLAN ID范圍是1-4094,總

5、數(shù)是200T提變?cè)O(shè)定|收消返回I 7 *891 ,261 昭 0/0 *0 *0 *0 *p ppv anoj#SO源sdoK田副融墓知|寶號(hào)京職0 國(guó)關(guān)O i己_)O i &q :方斯MAJV空新困滎服過(guò)翎冊(cè)觀商置MAJVW W 芯強(qiáng)主口魏含四繇君UTM北眼MAJVATSD O.nslv崛倦 T電Erl垢外為 用且或I己I D,己己E,己己E,己己EU，I，g1000.nslv南蘭喜成Ii眼寶密I.I.I.0I :加醐卬口，己己，己己，己四:阻承口:加哉外4|回里爵弭|寶垢交If1 151加眼寶秀.制冊(cè)回醐批舶H或rmis由呂051ICOJU 平辛蜘LR 口口耶院劍做華不曾Mffl明口舞易回

6、mini花牌NV1Arwm克墨圉曳MTI八尚ffl/明繃皇削win手的辭一函壬 O iSD o J-SAd等薜啟系藐-啟系藐-伍網(wǎng)第I物理接口- VLAN口靜態(tài)路存動(dòng)態(tài)跖由: CDP| ARP表 M虹表:”“ 多播| DHCP網(wǎng)谿鏈路 - DNS策略路由表路由ID源目的 網(wǎng)關(guān) 標(biāo)記 Metric 接口 移動(dòng) 刪除靜態(tài)路由表 H 添加靜態(tài)路苗廠目的網(wǎng)關(guān)標(biāo)記Metric接口1目的網(wǎng)關(guān)標(biāo)記Metric接口1冊(cè)除0.0.0.0/0192.168.7.165/320.0.0.0UL1Ioi0,0,0,0/010.1.1.1/320,0.0.0UL1Ioi0.0.0.192.168.7.0/240.0.0

7、.0uc10ethoI0.0.0.10.1.1.0/240.0.0.0uc10vlan.0001n鼻口: -算轉(zhuǎn)盤(pán)口- hJSfuc : J1-92232回苦：TdSTQSAI牛握瞄:OOOO握郴褂：OOOO建議在此不要選擇連接端目口，讓系統(tǒng)自動(dòng)選擇即可日；簡(jiǎn)單的配置各個(gè)網(wǎng)口區(qū)域的缺省策略后即可正常通訊TopsecOS# define area add name area_eth0 attribute eth0 access on TopsecOS# define area add name area_eth1 attribute eth1 access on TopsecOS# define

8、 area add name area_eth2 attribute eth2 access on匠瑾馮童 I n環(huán)祖 I售橋羿蓄+ .0蟀袍+ EJ郴押羿蓄-P啊童+ （T?網(wǎng)勰；-0彩翠區(qū)域?qū)ο髤^(qū)律狙警區(qū)間狙童權(quán)限 律改 刪除允許鬲 1ItEiesc四町 e-fFOGfpSGfPTswe漆逝n擇（丑花卯）添加配置舜庠n既耳姑困|叫回03-珞脂蜷鬼冊(cè)1略睡娜輯由定屬性（財(cái)多選） ethO珞脂牌盜啊蟄-擔(dān)辮9ksg_s;pjg舊廠神5 9舊曠日耳丁 日任一弭目drea_ethLi揩亞籍軍筋娘逐回+ e系統(tǒng) q網(wǎng)結(jié)- o對(duì)竦十曲地址對(duì)象+席員載均衡材服務(wù)對(duì)象i |屋性對(duì)象；口屬性只口區(qū)域?qū)ο髸r(shí)間

9、對(duì)象御I御I案例二：TrunkDotlQ192.168.7.165Eth2Vlan30Vlan 10: 10.1.1.24Vlan20 20.1.1.0/24 Gw:20.1.1.1Vlan 20: 20.1.1.1/24Vlan 30: 30.1.1.1/2430.1.1.0/24 Gw:30111Vlan1010.1.1.0/24Gw:10.1.1.1Eth0:192.168.7.1Internet應(yīng)用環(huán)境二+注：缺省訪問(wèn)權(quán)限都允許的情況下，完成如下的配置即可具體的訪問(wèn)控制配置過(guò)程參考訪問(wèn)控制操作篇+配置相應(yīng)網(wǎng)口的工作模式以及IP地址TopsecOS# network interface

10、eth0 no switchportTopsecOS# network interface eth0 ip add 192.168.7.165 mask 255.255.255.0TopsecOS# network interface eth0 no shutdownTopsecOS# network interface eth1 switchportTopsecOS# network interface eth1 switchport mode TrunkTopsecOS# network interface eth1 switchport trunk encapsulation dot1q

11、TopsecOS# network interface eth1 switchport trunk native-vlan 1TopsecOS# network interface eth1 switchport access-vlan 10TopsecOS# network interface eth1 switchport trunk allowed-vlan 1-1000TopsecOS# network interface eth1 no shutdownTopsecOS# network interface eth2 switchportTopsecOS# network inter

12、face eth2 switchport mode accessTopsecOS# network interface eth2 switchport trunk encapsulation dot1qTopsecOS# network interface eth2 switchport trunk native-vlan 1TopsecOS# network interface eth2 switchport access-vlan 30TopsecOS# network interface eth2 switchport trunk allowed-vlan 1-1000TopsecOS#

13、 network interface eth2 no shutdown|但|但系統(tǒng)-臼同貉 口物理步| VLAN| |靜態(tài)路由D動(dòng)態(tài)路由| CDP端口描述模式地址變換尾性NTU狀態(tài)協(xié)商速度路白ethOintranet 站由 192.168.7.165/255.255.255.01500啟用autoautoethlinternet 換trunk 15口口啟用autoauto$eth2ssn 變換access30 1500 啟用 autoautoTopsecOS# network vlan add id 10TopsecOS# network interface vlan.10 ip add 10

14、.1.1.1 mask 255.255.255.0TopsecOS# network interface vlan.10 no shutdownTopsecOS# network vlan add id 20TopsecOS# network interface vlan.20 ip add 20.1.1.1 mask 255.255.255.0TopsecOS# network interface vlan.20 no shutdownTopsecOS# network vlan add id 30TopsecOS# network interface vlan.30 ip add 30.1

15、.1.1 mask 255.255.255.0TopsecOS# network interface vlan.30 no shutdown-&-&網(wǎng)洛口物理接口+ |靜態(tài)路由|-動(dòng)態(tài)路由: CDP| ARP表| | MAC表|名播| DHCP網(wǎng)鋁鏈路 DNS模式；PVST O CST O 美閉提交設(shè)定ML AIM設(shè)置添加/冊(cè)除范圍涪VLAN VLAN地址MTU狀態(tài)包含接口地址信息生成樹(shù)門(mén)，口 KST模式 TOC o 1-5 h z vln.001010.1.1.1/255.255.255.01如啟用ethl曲vln.002020,1,1,1/255.255.255,01況口 啟用ethl爭(zhēng)v

16、ln.003030.1.1.1/255.255.255.015口啟用ethl eth2序配置缺省路由TopsecOS# network route add dst 0.0.0.0/0 gw 192.168.7.1啟系藐-&網(wǎng)貉物理前| | VLANI D靜態(tài)路由動(dòng)態(tài)路由| | CDP| | ARP表I | 曄匚表|多播| | DHCP 網(wǎng)鰭鏈路| ，- Q DMS舊對(duì)香t 啟認(rèn)旺 Q QOS+ 1防火塘引擎策略路由表添加策略路由路由ID源目的 網(wǎng)關(guān) 標(biāo)記 Metric 按口 移動(dòng) 冊(cè)臆源目的網(wǎng)關(guān)標(biāo)記Metric接口0.0.0.0/0192.168.7.165/320.0.0.0UL1Ioa0.

17、0.0.10.1.1.1/220.0.0.0UL1Ioa0.0.0.20.1.1.1/320.0.0.0UL1Io0.0,0,30.1.1,1/320.0,0.0UL1Ioa0.0.0.0/0192.168.7.0/240.0.0.0IX10ethon0.0.0.0/0192.168.7.0/240.0.0.0IX100ipsecOn0.0,0,0/010.1.1,0/240.0,0.0UC10vlan.0010n.JO20.1.1.0/24UC10vl an. 0020a30.1.1.0/24UC10vl an. 00300.0.0.0；00.0.0.0/0192.168.7.1UGS1ethOjJ靜態(tài)瞄由表拳加靜態(tài)瞄由簡(jiǎn)單的配置各個(gè)網(wǎng)口區(qū)域的缺省策略后即可正常通訊TopsecOS# define area add name area_eth0 attribute eth0 access on TopsecOS# define area add name area_eth1 attribute eth1 access on TopsecOS# define area add name area_eth2 attribute