Huawei USG5500 Firewall Configuration Lab

1. Lab topology

Internal network: 192.168.0.0/24
External network: 192.168.1.0/24

The address plan for the other devices is shown in the topology diagram. Build the network according to the diagram and configure the device addresses.

2. Configuration commands

AR1

    system-view
    [Huawei]sysname AR1
    [AR1]interface g0/0/0
    [AR1-GigabitEthernet0/0/0]ip address 192.168.0.150 24
    [AR1-GigabitEthernet0/0/0]quit    (exit)
    [AR1]ip route-static 0.0.0.0 0.0.0.0 192.168.0.1    (configure the default route)

Enable the Telnet service on AR1:

    [AR1]user-interface vty 0 4    (open the remote VTY lines)
    [AR1-ui-vty0-4]authentication-mode password    (authentication mode is password)
    Please configure the login password (maximum length 16):888    (login password)
    [AR1-ui-vty0-4]user privilege level 3    (set the user level)
    [AR1-ui-vty0-4]

AR2 (or PC2)

    system-view
    [Huawei]sysname AR2
    [AR2]interface g0/0/0
    [AR2-GigabitEthernet0/0/0]ip address 192.168.1.150 24
    [AR2-GigabitEthernet0/0/0]q
    [AR2]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1

Configure Telnet on AR2:

    [AR2]user-interface vty 0 4
    [AR2-ui-vty0-4]authentication-mode password
    Please configure the login password (maximum length 16):666
    [AR2-ui-vty0-4]set authentication password cipher 666
    [AR2-ui-vty0-4]user privilege level 3
    [AR2-ui-vty0-4]q

Firewall configuration:

    The device is running!
    system-view
    [SRG]sysname FW1
    [FW1]interface g0/0/0
    [FW1-GigabitEthernet0/0/0]ip add 192.168.0.1 24
    Warning: Address already exists!    (the default interface address already exists; this can be ignored)
    [FW1-GigabitEthernet0/0/0]q
    [FW1]interface g0/0/1
    [FW1-GigabitEthernet0/0/1]ip add 192.168.1.1 24
    [FW1-GigabitEthernet0/0/1]q
    [FW1]display zone    (show the zone configuration)
    local
     priority is 100
    #
    trust
     priority is 85
     interface of the zone is (1):
        GigabitEthernet0/0/0
    #
    untrust
     priority is 5
     interface of the zone is (0):
    #
    dmz
     priority is 50
     interface of the zone is (0):
    #
    [FW1]firewall zone name outside    (create a zone named outside)
    [FW1-zone-outside]set priority 30    (set its security level to 30)
    [FW1-zone-outside]q
    [FW1]firewall zone name inside
    [FW1-zone-inside]set priority 90
    [FW1-zone-inside]q
    [FW1]display zone
    [FW1]firewall zone outside    (enter the outside zone)
    [FW1-zone-outside]add interface GigabitEthernet 0/0/1    (add interface g0/0/1 to this zone)
    [FW1-zone-outside]display this    (show the current configuration)
    #
    firewall zone name outside
     set priority 30
     add interface GigabitEthernet0/0/1
    #
    return
    [FW1-zone-outside]q
    [FW1]display policy all    (view the policies)
    policy zone local
    #
    policy zone trust
    #
    policy zone untrust
    #
    policy zone dmz
    #
    policy zone outside
    #
    policy zone inside
    #
    policy interzone local trust inbound
     firewall default packet-filter is permit
    #
    policy interzone local trust outbound
     firewall default packet-filter is permit
    #
    policy interzone local untrust inbound
     firewall default packet-filter is deny
    #
    policy interzone local untrust outbound
     firewall default packet-filter is permit
    #
    policy interzone local dmz inbound
     firewall default packet-filter is deny
    #
    policy interzone local dmz outbound
     firewall default packet-filter is permit
    #
    policy interzone local outside inbound
     firewall default packet-filter is deny
    #
    policy interzone local outside outbound
     firewall default packet-filter is permit
    #
    policy interzone local inside inbound
     firewall default packet-filter is deny
    #
    policy interzone local inside outbound
     firewall default packet-filter is permit
    #
    policy interzone trust untrust inbound
     firewall default packet-filter is deny
    #
    policy interzone trust untrust outbound
     firewall default packet-filter is deny
    #
    policy interzone trust dmz inbound
     firewall default packet-filter is deny
    #
    policy interzone trust dmz outbound
     firewall default packet-filter is deny
    #
    policy interzone trust outside inbound
     firewall default packet-filter is deny
    #
    policy interzone trust outside outbound
     firewall default packet-filter is deny
    #
    policy interzone inside trust inbound
     firewall default packet-filter is deny
    #
    policy interzone inside trust outbound
     firewall default packet-filter is deny
    #
    policy interzone dmz untrust inbound
     firewall default packet-filter is deny
    #
    policy interzone dmz untrust outbound
     firewall default packet-filter is deny
    #
    policy interzone outside untrust inbound
     firewall default packet-filter is deny
    #
    policy interzone outside untrust outbound
     firewall default packet-filter is deny
    #
    policy interzone inside untrust inbound
     firewall default packet-filter is deny
    #
    policy interzone inside untrust outbound
     firewall default packet-filter is deny
    #
    policy interzone dmz outside inbound
     firewall default packet-filter is deny
    #
    policy interzone dmz outside outbound
     firewall default packet-filter is deny
    #
    policy interzone inside dmz inbound
     firewall default packet-filter is deny
    #
    policy interzone inside dmz outbound
     firewall default packet-filter is deny
    #
    policy interzone inside outside inbound
     firewall default packet-filter is deny
    #
    policy interzone inside outside outbound
     firewall default packet-filter is deny
    #
    [FW1]

Create a policy that permits outbound traffic:

    [FW1]policy interzone trust outside outbound
    [FW1-policy-interzone-trust-outside-outbound]policy 1    (define the outbound traffic)
    [FW1-policy-interzone-trust-outside-outbound-1]policy source 192.168.0.150 0
    01:27:13 2016/11/15
    [FW1-policy-interzone-trust-outside-outbound-1]policy destination any
    01:27:25 2016/11/15
    [FW1-policy-interzone-trust-outside-outbound-1]action permit
    01:27:34 2016/11/15
    [FW1-policy-interzone-trust-outside-outbound-1]q
    01:27:37 2016/11/15
    [FW1-policy-interzone-trust-outside-outbound]q
    01:27:38 2016/11/15
    [FW1]display policy interzone trust outside outbound
    01:27:55 2016/11/15
    policy interzone trust outside outbound
     firewall default packet-filter is deny
     policy 1 (0 times matched)
      action permit
      policy service service-set ip
      policy source 192.168.0.0 mask 255.255.255.0
      policy source 192.168.0.150 0
      policy destination any

    [FW1]firewall packet-filter default permit interzone trust outside
    Warning:Setting the default packet filtering to permit poses security risks. You are advised to configure the security policy based on the actual data flows. Are you sure you want to continue?[Y/N]y
    [FW1]display policy interzone trust outside outbound
    01:28:23 2016/11/15
    policy interzone trust outside outbound
     firewall default packet-filter is permit
     policy 1 (0 times matched)
      action permit
      policy service service-set ip
      policy source 192.168.0.0 mask 255.255.255.0
      policy source 192.168.0.150 0
      policy destination any

Restore the default value, deny:

    [FW1]firewall packet-filter default deny interzone trust outside
    [FW1]display policy interzone trust outside outbound
    01:32:06 2016/11/15
    policy interzone trust outside outbound
     firewall default packet-filter is deny
     policy 1 (0 times matched)
      action permit
      policy service service-set ip
      policy source 192.168.0.0 mask 255.255.255.0
      policy source 192.168.0.150 0
      policy destination any

After the internal router Telnets to AR2, the login succeeds. View the session state on the firewall:

    [FW1]display firewall session table verbose
    00:58:32 2016/11/15
    Current Total Sessions : 2
    telnet VPN:public - public
    Zone: trust- outside TTL: 00
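Added example (not part of the original lab document): a Python check that reads `display policy` output in the format shown above and lists the zone pairs whose default packet-filter is permit, the state the lab passes through before the default is restored to deny. The function names and the sample text are constructed for illustration; pairs involving the local zone are skipped because they already show permit in the initial `display policy all` output.

```python
import re

# One interzone entry of `display policy ...` output. \s* also accepts
# output whose line breaks were lost when it was copied.
ENTRY = re.compile(
    r"policy interzone (\S+) (\S+) (inbound|outbound)\s*"
    r"firewall default packet-filter is (permit|deny)"
)

def parse_defaults(output):
    """Return {(zone_a, zone_b, direction): 'permit' | 'deny'}."""
    return {(a, b, d): action for a, b, d, action in ENTRY.findall(output)}

def permit_defaults(defaults, ignore_zone="local"):
    """Zone pairs whose default action is permit, skipping pairs that
    involve the device's own zone (ignore_zone is an assumption)."""
    return sorted(
        key for key, action in defaults.items()
        if action == "permit" and ignore_zone not in key[:2]
    )

# Constructed sample in the page's output format, taken at the point where
# the trust/outside default has been switched to permit.
SAMPLE = """\
policy interzone local trust inbound
 firewall default packet-filter is permit
#
policy interzone local outside inbound
 firewall default packet-filter is deny
#
policy interzone trust outside inbound
 firewall default packet-filter is deny
#
policy interzone trust outside outbound
 firewall default packet-filter is permit
 policy 1 (0 times matched)
  action permit
  policy source 192.168.0.150 0
  policy destination any
#
policy interzone inside outside outboundfirewall default packet-filter is deny
#
"""

if __name__ == "__main__":
    for a, b, direction in permit_defaults(parse_defaults(SAMPLE)):
        print(f"default permit: {a} -> {b} ({direction})")
```
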