C防火墙配置实例 - 360文档中心

合集下载

相关主题

1、下载文档前请自行甄别文档内容的完整性，平台不提供额外的编辑、内容补充、找答案等附加服务。
2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
3、如文档侵犯您的权益，请联系客服反馈,我们会尽快为您处理(人工客服工作时间：9:00-18:30)。

C防火墙配置实例Prepared on 21 November 2021

本文为大家介绍一个H3C防火墙的配置实例，配置内容包括：配置接口IP地址、配置区域、配置NAT地址转换、配置访问策略等，组网拓扑及需求如下。

1、网络拓扑图

2、配置要求

3、防火墙的配置脚本如下

discur

#

sysnameH3CF100A

#

superpasswordlevel3cipher6aQ>Q57-$.I)0;4:\(I41!!!

#

firewallpacket-filterenable

firewallpacket-filterdefaultpermit

#

insulate

#

firewallstatisticsystemenable

#

radiusschemesystem

server-typeextended

#

domainsystem

#

local-usernet1980

passwordcipher######

service-typetelnet

level2

#

aspf-policy1

detecth323

detectsqlnet

detectrtsp

detecthttp

detectsmtp

detectftp

detecttcp

detectudp

#

aclnumber3001

descriptionout-inside

rule1000denyip

aclnumber3002

descriptioninside-to-outside

rule1000denyip

#

interfaceAux0

asyncmodeflow

#

interfaceEthernet0/0

shutdown

#

interfaceEthernet0/1

shutdown

#

interfaceEthernet0/2

speed100

duplexfull

descriptiontoserver firewallpacket-filter3002inbound firewallaspf1outbound

#

interfaceEthernet0/3

shutdown

#

interfaceEthernet1/0

shutdown

#

interfaceEthernet1/1

shutdown

#

interfaceEthernet1/2

speed100

duplexfull

descriptiontointernet firewallpacket-filter3001inbound firewallaspf1outbound natoutboundstatic

#

interfaceNULL0

#

firewallzonelocal

setpriority100

#

firewallzonetrust addinterfaceEthernet0/2 setpriority85

#

firewallzoneuntrust addinterfaceEthernet1/2 setpriority5

#

firewallzoneDMZ addinterfaceEthernet0/3 setpriority50

#

firewallinterzonelocaltrust #

firewallinterzonelocaluntrust #

firewallinterzonelocalDMZ

#

firewallinterzonetrustuntrust #

firewallinterzonetrustDMZ

#

firewallinterzoneDMZuntrust #

#

user-interfacecon0

user-interfaceaux0

user-interfacevty04 authentication-modescheme

#

return