C防火墙配置实例
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
C防火墙配置实例Prepared on 21 November 2021
本文为大家介绍一个H3C防火墙的配置实例,配置内容包括:配置接口IP地址、配置区域、配置NAT地址转换、配置访问策略等,组网拓扑及需求如下。
1、网络拓扑图
2、配置要求
3、防火墙的配置脚本如下
#
sysnameH3CF100A
#
superpasswordlevel3cipher6aQ>Q57-$.I)0;4:\(I41!!!
#
firewallpacket-filterenable
firewallpacket-filterdefaultpermit
#
insulate
#
#
firewallstatisticsystemenable
#
radiusschemesystem
server-typeextended
#
domainsystem
#
local-usernet1980
passwordcipher######
service-typetelnet
level2
#
aspf-policy1
detecth323
detectsqlnet
detectrtsp
detecthttp
detectsmtp
detectftp
detecttcp
detectudp
#
#
aclnumber3001
descriptionout-inside
rule1000denyip
aclnumber3002
descriptioninside-to-outside
rule1000denyip
#
interfaceAux0
asyncmodeflow
#
interfaceEthernet0/0
shutdown
#
interfaceEthernet0/1
shutdown
#
interfaceEthernet0/2
speed100
duplexfull
descriptiontoserver firewallpacket-filter3002inbound firewallaspf1outbound
#
interfaceEthernet0/3
shutdown
#
interfaceEthernet1/0
shutdown
#
interfaceEthernet1/1
shutdown
#
interfaceEthernet1/2
speed100
duplexfull
descriptiontointernet firewallpacket-filter3001inbound firewallaspf1outbound natoutboundstatic
#
interfaceNULL0
#
firewallzonelocal
setpriority100
#
firewallzonetrust addinterfaceEthernet0/2 setpriority85
#
firewallzoneuntrust addinterfaceEthernet1/2 setpriority5
#
firewallzoneDMZ addinterfaceEthernet0/3 setpriority50
#
firewallinterzonelocaltrust #
firewallinterzonelocaluntrust #
firewallinterzonelocalDMZ
#
firewallinterzonetrustuntrust #
firewallinterzonetrustDMZ
#
firewallinterzoneDMZuntrust #
#
user-interfacecon0
user-interfaceaux0
user-interfacevty04 authentication-modescheme
#
return