Firewall: How to Configure Firewall Mixed Mode
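How to configure the firewall's mixed working mode
Case 1:
++++++++++++++++++++++++++++++++++++++++
Note: if the default access permission is "permit" everywhere, the configuration below is all that is required.
For the detailed access control configuration procedure, see the access control operations chapter.
In this environment the router performs NAT (source address translation) to provide shared Internet access.
++++++++++++++++++++++++++++++++++++++++
〖Configure the working mode and IP address of each interface〗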
TopsecOS# network interface eth0 no switchport
TopsecOS# network interface eth0 ip add 192.168.7.165 mask 255.255.255.0
TopsecOS# network interface eth0 no shutdown
TopsecOS# network interface eth1 switchport
TopsecOS# network interface eth1 switchport mode access
TopsecOS# network interface eth1 switchport access-vlan 1
TopsecOS# network interface eth1 no shutdown
TopsecOS# network interface eth2 switchport
TopsecOS# network interface eth2 switchport mode access
TopsecOS# network interface eth2 switchport access-vlan 1
TopsecOS# network interface eth2 no shutdown
Configuration complete
TopsecOS# network interface vlan.1 no shutdown
Configuration complete
〖Configure the default route〗
TopsecOS# network route add dst 0.0.0.0/0 gw 192.168.7.1
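It is recommended not to select an outgoing port here; let the system choose it automatically.
〖After a simple configuration of the default policy for each interface's area, traffic can pass normally〗
TopsecOS# define area add name area_eth0 attribute 'eth0 ' access on
TopsecOS# define area add name area_eth1 attribute 'eth1 ' access on
TopsecOS# define area add name area_eth2 attribute 'eth2 ' access on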
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
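Case 2:
++++++++++++++++++++++++++++++++++++
Note: if the default access permission is "permit" everywhere, the configuration below is all that is required.
For the detailed access control configuration procedure, see the access control operations chapter.
++++++++++++++++++++++++++++++++++++
〖Configure the working mode and IP address of each interface〗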
TopsecOS# network interface eth0 no switchport
TopsecOS# network interface eth0 ip add 192.168.7.165 mask 255.255.255.0
TopsecOS# network interface eth0 no shutdown
TopsecOS# network interface eth1 switchport
TopsecOS# network interface eth1 switchport mode Trunk
TopsecOS# network interface eth1 switchport trunk encapsulation dot1q
TopsecOS# network interface eth1 switchport trunk native-vlan 1
TopsecOS# network interface eth1 switchport access-vlan 10
TopsecOS# network interface eth1 switchport trunk allowed-vlan 1-1000
TopsecOS# network interface eth1 no shutdown
TopsecOS# network interface eth2 switchport
TopsecOS# network interface eth2 switchport mode access
TopsecOS# network interface eth2 switchport trunk encapsulation dot1q
TopsecOS# network interface eth2 switchport trunk native-vlan 1
TopsecOS# network interface eth2 switchport access-vlan 30
TopsecOS# network interface eth2 switchport trunk allowed-vlan 1-1000
TopsecOS# network interface eth2 no shutdown
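
As an added example (not part of the original document and not Topsec tooling), the following Python script parses the command forms shown in the two cases and lists settings worth reviewing before such a configuration is deployed: trunk and access settings mixed on one port, a wide trunk allowed-vlan range, and areas whose default access is on. The 16-VLAN threshold, the wording of the findings, and the reading of `access on` as a default-permit area (taken from the note above about default access being permitted) are assumptions; only the simple `low-high` allowed-vlan form used on this page is handled.

```python
import re

# Constructed sample: case-two interface lines plus one case-one area line.
SAMPLE = """\
TopsecOS# network interface eth1 switchport mode Trunk
TopsecOS# network interface eth1 switchport access-vlan 10
TopsecOS# network interface eth1 switchport trunk allowed-vlan 1-1000
TopsecOS# network interface eth2 switchport mode access
TopsecOS# network interface eth2 switchport trunk native-vlan 1
TopsecOS# network interface eth2 switchport access-vlan 30
TopsecOS# define area add name area_eth1 attribute 'eth1 ' access on
"""
MAX_TRUNK_VLANS = 16  # assumed review threshold, not a TopsecOS limit

def parse(text):
    """Return ({iface: settings}, {area: (iface, default_access)})."""
    ifaces, areas = {}, {}
    for raw in text.splitlines():
        line = re.sub(r"^TopsecOS#\s*", "", raw.strip())
        if m := re.match(r"network interface (\S+) (.+)", line):
            c = ifaces.setdefault(m.group(1), {"mode": None, "trunk": {}, "access_vlan": None})
            w = m.group(2).split()
            if w[:2] == ["switchport", "mode"]:
                c["mode"] = w[2].lower()
            elif w[:2] == ["switchport", "trunk"]:
                c["trunk"][w[2]] = w[3]
            elif w[:2] == ["switchport", "access-vlan"]:
                c["access_vlan"] = int(w[2])
        elif m := re.match(r"define area add name (\S+) attribute '([^']*)' access (\S+)", line):
            areas[m.group(1)] = (m.group(2).strip(), m.group(3))
    return ifaces, areas

def audit(text):
    """List (object, finding) pairs a reviewer should check before deployment."""
    ifaces, areas = parse(text)
    out = []
    for name, c in sorted(ifaces.items()):
        if c["mode"] == "access" and c["trunk"]:
            out.append((name, "trunk settings on access-mode port"))
        if c["mode"] == "trunk" and c["access_vlan"] is not None:
            out.append((name, "access-vlan set on trunk-mode port"))
        lo, _, hi = c["trunk"].get("allowed-vlan", "0-0").partition("-")
        if c["mode"] == "trunk" and int(hi or lo) - int(lo) + 1 > MAX_TRUNK_VLANS:
            out.append((name, "wide trunk allowed-vlan range"))
    out += [(a, "area default is permit") for a, (_, acc) in sorted(areas.items()) if acc == "on"]
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A default-permit area means the explicit access control rules referenced in the notes are the only thing restricting traffic between the areas, so each such finding should map to a rule set that has actually been written.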