当前位置:文档之家 › H3C+SecPath+U200-C统一威胁管理产品+客户使用手册-5PW101

H3C+SecPath+U200-C统一威胁管理产品+客户使用手册-5PW101

  • 格式:pdf
  • 大小:2.49 MB
  • 文档页数:74

下载文档原格式

  / 74

合集下载

HCSECPATHR版本说明书

HCSECPATHR版本说明书

H3C SECPATH9000M- SECBLADENGFW-CMW710-R9115P11 版本说明书软件特性变更说明Copyright © 2015 杭州华三通信技术有限公司版权所有,保留一切权利。

非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播。

本文档中的信息可能变动,恕不另行通知。

目录SECPATH9000M-SECBLADENGFW-CMW710-R9115P11版本 (1)1.1 NAT配置命令修改 (1)1.1.1 address (1)SECPATH9000M-SECBLADENGFW-CMW710-R9115P10版本 (1)1 新增特性—设备在域间策略丢包时,发送ICMP差错报文 (1)1.1.1 aspf icmp-error reply (1)2 新增特性—在NAT转换失败时,发送ICMP差错报文 (2)2.1 nat icmp-error reply (2)3 变更特性—会话备份 (2)3.1 变更会话备份默认属性 (2)3.2 新增会话备份配置命令 (3)3.2.1 session synchronization { dns | http } * (3)4 变更特性—NAT ALG 默认配置变更 (4)4.1 NAT ALG 默认配置命令 (4)4.1.1 nat alg (4)SECPATH9000M-SECBLADENGFW-CMW710-R9115P05版本 (1)1 修改命令 (1)1.1.1 nat server (1)SECPATH9000M-SECBLADENGFW-CMW710-R9115P04版本 (1)SECPATH9000M-SECBLADENGFW-CMW710-R9115P02版本 (1)SECPATH9000M-SECBLADENGFW-CMW710-R9115版本 (1)1 新增特性—配置流量转发模式 (1)1.1 流量转发模式配置 (1)1.2 流量转发模式配置命令 (1)1.2.1 forwarding policy (1)SECPATH9000M-SECBLADENGFW-CMW710-E9114P05版本 (3)SECPATH9000M-SECBLADENGFW-CMW710-E9114P04版本 (4)1 新增特性—静态NAT生成OpneFlow流表功能 (4)1.1 静态NAT生成OpneFlow流表功能配置 (4)1.2 静态NAT生成OpneFlow流表功能配置命令 (4)SECPATH9000M-SECBLADENGFW-CMW710-E9114P03版本 (6)SECPATH9000M-SECBLADENGFW-CMW710-E9114P01版本 (7)1 新增特性—配置Track与接口物理状态联动 (7)1.1 Track与接口物理状态联动配置 (7)1.2 Track与接口物理状态联动配置命令 (7)1.2.1 track interface physical (7)2 变更特性—开启会话统计功能 (8)2.1 特性变更说明 (8)2.2 命令变更说明 (8)2.2.1 修改—开启会话统计功能命令 (8)3 变更特性—指定冗余组节点的倒回延时 (9)3.1 特性变更说明 (9)3.2 命令变更说明 (9)3.2.1 修改—指定冗余组节点的倒回延时命令 (9)SECPATH9000M-SECBLADENGFW-CMW710-D9112版本 (10)1 新增特性-配置Context (10)1.1 Context配置 (10)1.1.1 为Context分配VLAN配置 (10)1.1.2 为Context限制吞吐量 (11)1.1.3 为Context限制对象策略规则数 (11)1.1.4 为Context限制会话并发数 (12)1.1.5 为Context限制会话新建速率 (12)1.2 Contex配置命令 (12)2 新增特性-清除安全引擎的加载软件包 (13)2.1 清除安全引擎的加载软件包配置命令 (13)2.1.1 reset boot-loader blade (13)3 新增特性-普通二层转发 (14)3.1 普通二层转发配置 (14)3.1.1 普通二层转发的工作机制 (14)3.1.2 配置普通二层转发 (14)3.1.3 普通二层转发显示和维护 (14)3.2 普通二层转发配置命令 (14)3.2.2 reset mac-forwarding statistics (16)4 新增特性-定位设备 (16)4.1 定位设备配置 (16)4.2 定位设备配置命令 (17)4.2.1 locator blink (17)5 新增特性-配置用户角色切换的缺省目的用户角色 (18)5.1 用户角色切换的缺省目的用户角色配置命令 (18)5.2 super default role (18)6 新增特性—DHCP地址池报警功能 (19)6.1 DHCP地址池报警功能配置 (19)6.2 DHCP地址池报警功能配置命令 (19)6.2.1 ip-in-use threshold (19)7 新增特性-ACL加速配置 (20)7.1 ACL加速配置 (20)7.2 ACL加速命令 (21)7.2.1 accelerate (21)7.2.2 display acl accelerate (22)8 新增特性—配置攻击检测与防范 (23)8.1 攻击检测与防范配置 (23)8.1.1 攻击检测及防范简介 (23)8.1.2 攻击检测及防范配置任务简介 (23)8.1.3 配置攻击防范 (24)8.1.4 配置TCP客户端验证 (32)8.1.5 配置DNS客户端验证 (32)8.1.6 配置HTTP客户端验证 (32)8.1.7 配置黑名单 (33)8.2 攻击检测与防范配置命令 (33)9 新增特性—配置对象策略加速 (37)9.1 对象策略加速配置 (37)9.2 对象策略加速配置命令 (37)9.2.1 accelerate (37)10 新增特性—显示对象策略加速功能相关信息 (38)10.1 显示对象策略加速功能相关信息配置 (38)10.2 显示对象策略加速功能相关信息配置命令 (38)10.2.1 portal nas-port-id format (38)11 新增特性—配置会话业务热备功能 (39)11.1 会话业务热备份功能配置 (39)11.2 会话业务热备功能配置命令 (39)11.3 session synchronization enable (39)12.1 备份组配置 (40)12.1.1 配置备份组 (40)12.1.2 备份组显示和维护 (41)12.2 备份组配置命令 (41)12.2.1 bind (41)12.2.2 display failover group (42)12.2.3 failover group (43)13 变更特性-创建安全域实例 (44)13.1 特性变更说明 (44)13.2 命令变更说明 (44)13.2.1 修改- interzone source (44)14 变更特性-显示已创建的所有域间实例的信息 (44)14.1 特性变更说明 (44)14.2 命令变更说明 (45)14.2.1 修改display interzone (45)15 变更特性—在BETH-Trunk接口下加入指定的成员口 (45)15.1 特性变更说明 (45)15.2 命令变更说明 (45)15.2.1 修改- member priority (45)16 变更特性—配置安全域间实例上应用ACL进行报文过滤 (46)16.1 特性变更说明 (46)16.2 命令变更说明 (46)16.2.1 修改- packet-filter (46)17 变更特性—清除ACL在报文过滤中应用的统计信息 (46)17.1 特性变更说明 (46)17.2 命令变更说明 (47)17.2.1 修改- reset packet-filter statistics (47)18 变更特性—配置SSH用户的服务类型 (47)18.1 特性变更说明 (47)18.2 命令变更说明 (47)18.2.1 修改- ssh user service-type (47)19 变更特性—计算用户给定明文密码通过加密算法处理后得到的密文密码所对应摘要 (48)19.1 特性变更说明 (48)19.2 命令变更说明 (48)19.2.1 修改- snmp-agent calculate-password (48)20.1 特性变更说明 (49)20.2 命令变更说明 (49)20.2.1 修改- nqa template (49)21 变更特性—配置本地用户或用户组的授权属性 (50)21.1 特性变更说明 (50)21.2 命令变更说明 (50)21.2.1 修改- authorization-attribute (50)SECPATH9000M-SECBLADENGFW-CMW710-E9110P04版本 (52)1 新增特性—保存上一跳信息 (52)1.1 保存上一跳信息配置 (52)1.2 保存上一跳信息配置命令 (52)1.2.1 iplast-hop hold (52)SECPATH9000M-SECBLADENGFW-CMW710-D9110P03版本 (54)1 变更特性—支持在聚合口和全局下应用QoS策略 (54)1.1 特性变更说明 (54)1.2 命令变更说明 (54)1.2.1 修改-qos apply policy (54)1.2.2 修改-qos apply policy global (55)SECPATH9000M-SECBLADENGFW-CMW710-D9110P02版本 (56)SECPATH9000M-SECBLADENGFW-CMW710-D9110P01版本 (57)SECPATH9000M-SECBLADENGFW-CMW710-R9115P11版本本版本特性变更情况如下:NAT配置命令修改1.1 NAT配置命令修改1.1.1 addressaddress命令用来添加一个地址组成员。

H3CUTM统一威胁管理产品介绍

H3CUTM统一威胁管理产品介绍

安全产品介绍第一章 H3C UTM介绍 (1)1.1 H3C SecPath U200-A (11)1.2 H3C SecPath U200-M (12)1.3 H3C SecPath U200-S (13)1.4 H3C SecPath U200-CA (14)1.5 H3C SecPath U200-CM (15)1.5 H3C SecPath U200-CS (15)第一章 H3C UTM介绍H3C SecPath U200是H3C公司面向中小型企业/分支机构设计的新一代UTM(United Threat Management,统一威胁管理)设备,采用高性能的多核、多线程安全平台,保障全部安全功能开启时不降低性能,产品具有极高的性价比。

在提供传统防火墙、VPN功能基础上,同时提供病毒防护、URL过滤、漏洞攻击防护、垃圾邮件防护、P2P/IM应用层流量控制和用户行为审计等安全功能。

H3C公司的SecPath U200不仅能够全面有效的保证用户网络的安全,还支持SNMP和TR-069网管方式,最大化减少设备运营成本和维护复杂性。

市场领先的安全防护功能l 完善的防火墙功能:提供安全区域划分、静态/动态黑名单功能、MAC和IP绑定、访问控制列表(ACL)和攻击防范等基本功能,还提供基于状态的检测过滤、虚拟防火墙、VLAN透传等功能。

能够防御ARP欺骗、TCP报文标志位不合法、Large ICMP报文、CC、SYN flood、地址扫描和端口扫描等多种恶意攻击。

l 丰富的VPN特性:支持L2TP VPN、GRE VPN、IPSec VPN等远程安全接入方式,同时设备集成硬件加密引擎实现高性能的VPN处理。

l 实时的病毒防护:采用Kaspersky公司的流引擎查毒技术,从而迅速、准确查杀网络流量中的病毒等恶意代码。

l 实时的垃圾邮件防护:可以拦截垃圾邮件,净化邮件系统,解决垃圾邮件对正常工作的干扰问题。

H3C SecPath UTM统一威胁管理产品日常维护指导书

H3C SecPath UTM统一威胁管理产品日常维护指导书

H3C UTM产品日常维护指导书V1.0杭州华三通信技术有限公司修订记录目录第1章日常维护建议 (2)1.1 UTM产品日常维护建议 (2)第2章维护操作指导 (4)2.1 H3C UTM设备日常维护操作指导 (4)2.2 H3C UTM设备季度维护操作指导 (4)2.3 H3C UTM设备年度维护操作指导 (5)第3章维护记录表格 (6)3.1 H3C UTM设备日常维护值班日志 (6)3.2 H3C UTM设备季度维护记录表 (7)3.3 H3C UTM设备年度维护记录表 (8)3.4 H3C UTM设备突发问题处理记录表 (9)3.5 硬件更换记录表 (10)3.6 系统参数修改记录表 (11)第4章常见故障处理 (12)4.1 Ping不通或丢包 (12)4.1.1 故障描述 (12)4.1.2 故障处理步骤 (12)4.2 有NAT转换情况下,Ping丢包或不通 (13)4.2.1 故障描述 (13)4.2.2 故障处理步骤 (13)4.2.3 故障诊断命令 ................................................................................. 错误!未定义书签。

4.3 动态NAT转换故障(以动态NAT Outbound为例) (14)4.3.1 故障描述 (14)4.3.2 故障处理步骤 (15)4.4 设备作为出口网关设备割接之后,NAT业务不通,但是设备接口IP地址可以Ping通 (16)4.4.1 故障描述 (16)4.4.2 故障处理步骤 (16)4.4.3 故障诊断命令 ................................................................................. 错误!未定义书签。

4.5 CPU占用率高 (17)4.5.1 故障描述 (17)4.5.2 故障处理步骤 (18)4.6 内存占用率高 (19)4.6.1 故障描述 (19)4.6.2 故障处理步骤 (19)4.6.3 故障诊断命令 ................................................................................. 错误!未定义书签。

H3C SecPath F100-C-SI防火墙 Web配置指导-5PW100-安全配置

H3C SecPath F100-C-SI防火墙 Web配置指导-5PW100-安全配置

目录1访问控制 ············································································································································ 1-11.1 概述 ··················································································································································· 1-11.2 配置访问控制····································································································································· 1-11.3 访问控制典型配置举例 ······················································································································ 1-3 2网站过滤 ············································································································································ 2-12.1 概述 ··················································································································································· 2-12.2 网站过滤典型配置举例 ······················································································································ 2-23 MAC地址过滤 ···································································································································· 3-13.1 概述 ··················································································································································· 3-13.2 配置MAC地址过滤····························································································································· 3-13.2.1 配置MAC地址过滤类型··········································································································· 3-13.2.2 配置要过滤的MAC地址··········································································································· 3-23.3 MAC地址过滤典型配置举例 ·············································································································· 3-3 4攻击防范 ············································································································································ 4-14.1 概述 ··················································································································································· 4-14.1.1 黑名单功能······························································································································ 4-14.1.2 入侵检测功能 ·························································································································· 4-14.2 配置黑名单 ········································································································································ 4-34.2.1 配置概述 ································································································································· 4-34.2.2 启用黑名单过滤功能 ··············································································································· 4-44.2.3 手动新建黑名单表项 ··············································································································· 4-44.2.4 查看黑名单······························································································································ 4-54.3 配置入侵检测····································································································································· 4-54.4 攻击防范典型配置举例 ······················································································································ 4-64.4.1 攻击防范典型配置举例 ··········································································································· 4-6 5应用控制 ············································································································································ 5-15.1 概述 ··················································································································································· 5-15.2 配置应用控制····································································································································· 5-15.2.1 配置概述 ································································································································· 5-15.2.2 加载应用程序 ·························································································································· 5-15.2.3 配置自定义应用程序 ··············································································································· 5-25.2.4 使能应用控制 ·························································································································· 5-35.3 应用控制典型配置举例 ······················································································································ 5-41 访问控制1.1 概述访问控制是指通过设置时间段、局域网内计算机的IP地址、端口范围和数据包协议类型,禁止符合指定条件的数据包通过,来限制局域网内的计算机对Internet的访问。

H3C SecPath U200-CS_U200-CM_U200-CA统一威胁管理产品 安装指导-5PW103-第2章 接口卡和接口模块

H3C SecPath U200-CS_U200-CM_U200-CA统一威胁管理产品 安装指导-5PW103-第2章 接口卡和接口模块
1. 模块简介 NSQ1GT2UA0 是 H3C 公司开发的、类型为 MIM 的高速三层千兆以太网接口模块。该模块提供 2 个 RJ45 电口,并且所有接口都具备三层路由功能。每个接口都由一个独立的指示灯表示当前的运
2-2
行状态。NSQ1GT2UA0 通过 PCIE 的高速总线和处理器连接,能够为用户提供高性能的三层以太 网接口的全部功能。 2. 前面板图
图2-1 2GE 前面板图
(1)
(2)
(3)
(4)
(5)
(7)
(1) 松不脱螺丝 (3) GE 口 0 的链路状态指示灯(LINK) (5) GE 口 1 的链路状态指示灯(LINK) (7) GE 口 0 数据收发状态指示灯(ACT)
3. 指示灯说明 表2-1 2GE 模块指示灯说明
状态
LINK
常灭 常亮
WLAN 模块天线的连接方法,请参见《第 4 章 UTM 设备的安装》中的“4.10.6 连接 NSQ1WLAN0 模块接口天线”。
2.5 槽位排列顺序及接口编号规则
2.5.1 槽位排列顺序
UTM 设备支持多种接口,包括 Console 口、GE 口等,每种接口在配置时按编号排列。
2.5.2 接口编号规则
属性
描述
连接器类型
SFP/LC
接口数量
4个
接口标准
802.3,802.3u 和 802.3ab
接口标准
Ethernet_II Ethernet_SNAP
接口速率
1000Mbps
发送光功 率
类型 最小 最大
短距多模 -9.5dBm 0dBm
中距单模 -9dBm -3dBm
长距(1310nm) 长距(1550nm) 超长距离

H3C SecPath U200-C

H3C SecPath U200-C

声明
Copyright © 2009-2010 杭州华三通信技术有限公司及其许可者 版权
所有,保留一切权利。
未经本公司书面许可,任何单位和个人不得擅自摘抄、复制本书内容 的部分或全部,并不得以任何形式传播。
H3C、
、Aolynk、
、H3Care、
、TOP G、

IRF、NetPilot、Neocean、NeoVTL、SecPro、SecPoint、SecEngine、 SecPath、Comware、Secware、Storware、NQA、VVG、V2G、VnG、
IMPORTANT! See Compliance and Safety information for the product before connecting to the supply. 您可以通过以下步骤获取本产品的安全与兼容性信息:
To obtain Compliance and Safety information, follow these steps: (1) 请访问网址:/Technical_Documents;
z 第 2 章 安全注意事项。介绍 H3C SecPath U200-C 安装和使用中 需要注意的事项。
z 第 3 章 产品介绍。介绍 H3C SecPath U200-C 的主要功能、应用 环境及其外观。
z 第 4 章 基本连接配置。介绍 H3C SecPath U200-C 的基本连接配 置步骤。
本书约定
1.命令行格式约定
格式
意义
粗体
命令行关键字(命令中保持不变、必须照输的部分)采用 加粗字体表示。
斜体
命令行参数(命令中必须由实际值部分在命令配置时是可选的。
格式 { x | y | ... } [ x | y | ... ]

H3C SecPath T200-M入侵防御系统 产品彩页-5PW101-20091211

H3C SecPath T200-M 入侵防御系统1 产品概述H3C SecPath T200-M IPS(Intrusion Prevention System)集成入侵防御与检测、病毒过滤、带宽管理和URL过滤等功能,是业界综合防护技术最领先的入侵防御/检测系统。

通过深入到7层的分析与检测,实时阻断网络流量中隐藏的病毒、蠕虫、木马、间谍软件、网页篡改等攻击和恶意行为,实现对网络应用、网络基础设施和网络性能的全面保护。

SecPath T200-M IPS适用于小型网络的数据中心和中小型网络边界。

图1SecPath T200-M2 产品特点强大的入侵抵御能力SecPath IPS是业界唯一集成漏洞库、专业病毒库、应用协议库的IPS产品,特征库数量已达10000+。

配合H3C FIRST(Full Inspection with Rigorous State Test)专有引擎技术,能精确识别并实时防范各种网络攻击和滥用行为。

SecPath IPS通过了国际权威组织CVE(Common Vulnerabilities & Exposures,通用漏洞披露)的兼容性认证,在系统漏洞研究和攻击防御方面达到了业界顶尖水平。

专业的病毒查杀SecPath T200-M IPS集成卡巴斯基防病毒引擎,内置卡巴斯基专业病毒库。

采用第二代启发式代码分析技术、独特的实时监控脚本病毒拦截技术等多种最尖端的反病毒技术,能实时查杀大量文件型、网络型和混合型等各类病毒;并采用新一代虚拟脱壳和行为判断技术,准确查杀各种变种病毒、未知病毒。

零时差的应用保护H3C专业安全团队密切跟踪全球知名安全组织和厂商发布的安全公告,经过分析、验证所有这些威胁,生成保护操作系统、应用系统以及数据库漏洞的特征库;H3C通过了微软的MAPP (Microsoft Active Protections Program)认证,可以提前获得微软的漏洞信息。

H3C UTM统一威胁管理SecPath U系列产品介绍

系统管理 > 安全域管理
默认情况下,高优先级的安全域可以访问低优先级的安全域;低优先级的安全 域不允许访问高优先级的安全域 点击<编辑安全域>按钮

13
配置接口所属安全域
二层口需指定所属的vlan

14
配置ACL
策略管理 > ACL


10
配置防火墙接口
修改接口参数,如MTU、TCP MSS、工作模式、IP配置

11
配置接口所属安全域:
Internet
UnTrust
G0/1 UTM200S G0/2 G0/3
DMZ Trust

12
配置接口所属安全域:
输入名称

30
应用IPS段策略
对象管理 > 段策略 管理,点击< 新建段策略 > 点击“激活”

31
创建防病毒策略、规则
对象管理 > 防病毒管理 > 策略管理 > 创建策略
输入名称

32
应用防病毒段策略
对象管理 > 段策略 管理,点击< 新建段策略 > 点击“激活”
15

16
配置NAT
策略管理 > 地址转换策略 > 地址转换
策略管理 > 地址转换策略 > 内部服务器

17
配置访问控制策略-面向对象ACL
策略管理 > 访问控制策略 > 面向对象ACL

18
Vlan配置
系统管理 > 虚拟局域网 > VLAN >新建

37
协议内容审计
修改Notify动作

H3C SecPath U200-CS_U200-CM_U200-CA统一威胁管理产品 安装指导-5PW103-第6章 UTM设备的软件维护

目录6 UTM设备的软件维护..........................................................................................................................6-16.1 简介...................................................................................................................................................6-16.1.1 UTM设备管理的文件..............................................................................................................6-16.1.2 BootWare程序文件.................................................................................................................6-16.1.3 应用程序文件..........................................................................................................................6-16.1.4 配置文件.................................................................................................................................6-26.1.5 UTM设备的软件维护的几种方法............................................................................................6-26.2 BootWare菜单...................................................................................................................................6-36.2.1 BootWare主菜单.....................................................................................................................6-36.2.2 串口子菜单..............................................................................................................................6-66.2.3 以太网子菜单..........................................................................................................................6-66.2.4 文件控制子菜单......................................................................................................................6-76.2.5 BootWare操作子菜单.............................................................................................................6-76.2.6 存储设备操作子菜单...............................................................................................................6-86.3 通过串口升级BootWare和应用程序..................................................................................................6-86.3.1 XModem协议简介...................................................................................................................6-86.3.2 串口参数的修改......................................................................................................................6-96.3.3 升级应用程序........................................................................................................................6-106.3.4 升级BootWare......................................................................................................................6-126.4 通过TFTP升级应用程序..................................................................................................................6-146.4.1 在BootWare菜单中通过TFTP升级应用程序.........................................................................6-156.4.2 在命令行模式通过TFTP升级和备份应用程序.......................................................................6-176.5 通过FTP升级应用程序....................................................................................................................6-196.5.1 通过BootWare菜单升级应用程序.........................................................................................6-196.5.2 在命令模式下通过FTP升级应用程序....................................................................................6-206.6 应用程序以及配置文件的维护.........................................................................................................6-246.6.1 显示所有文件........................................................................................................................6-256.6.2 设置应用程序文件类型.........................................................................................................6-256.6.3 删除文件...............................................................................................................................6-266.6.4 设置下次启动配置文件.........................................................................................................6-276.7 口令的丢失处理和修改....................................................................................................................6-286.7.1 BootWare口令丢失处理和修改.............................................................................................6-286.7.2 用户口令丢失的处理.............................................................................................................6-286.7.3 Super Password口令丢失的处理..........................................................................................6-296.8 BootWare的备份和恢复..................................................................................................................6-306.8.1 备份完整BootWare...............................................................................................................6-306.8.2 恢复完整BootWare...............................................................................................................6-31 6.9 Web方式/i-Ware方式升级管理配置.................................................................................................6-326.9.1 概述......................................................................................................................................6-326.9.2 Web方式升级软件.................................................................................................................6-336.9.3 i-Ware方式升级特征库和维护配置文件................................................................................6-356 UTM设备的软件维护6.1 简介6.1.1 UTM设备管理的文件UTM设备有三类文件需要管理,分别是:z BootWare程序文件z应用程序文件z配置文件6.1.2 BootWare程序文件BootWare程序文件是UTM设备启动时用来引导应用程序的文件。

电信H3C SecPath U200-C

目录1 前言...................................................................................................................................................1-11.1 概述...................................................................................................................................................1-11.2 使用说明............................................................................................................................................1-11.3 缩略语...............................................................................................................................................1-12 安全注意事项.....................................................................................................................................2-12.1 基本要求............................................................................................................................................2-12.2 环境要求............................................................................................................................................2-12.3 使用须知............................................................................................................................................2-12.4 清洁须知............................................................................................................................................2-23 产品介绍............................................................................................................................................3-13.1 产品简介............................................................................................................................................3-13.2 应用环境............................................................................................................................................3-13.3 产品特性............................................................................................................................................3-13.4 产品外观............................................................................................................................................3-23.4.1 前面板.....................................................................................................................................3-23.4.2 后面板.....................................................................................................................................3-33.5 产品规格............................................................................................................................................3-44 开通前预配置.....................................................................................................................................4-14.1 环境准备............................................................................................................................................4-14.2 开箱检查............................................................................................................................................4-14.2.1 配件检查.................................................................................................................................4-14.2.2 设备ID检查..............................................................................................................................4-14.3 硬件连接............................................................................................................................................4-24.3.1 设备连线.................................................................................................................................4-24.3.2 开启电源.................................................................................................................................4-24.4 参数准备............................................................................................................................................4-34.4.1 设备登录参数..........................................................................................................................4-34.4.2 配置信息准备..........................................................................................................................4-34.5 登录操作............................................................................................................................................4-44.5.1 PC操作台设置.........................................................................................................................4-44.5.2 登录配置界面..........................................................................................................................4-44.6 开通前预配置.....................................................................................................................................4-44.6.1 配置向导.................................................................................................................................4-44.6.2 选择接入方式..........................................................................................................................4-64.6.4 配置允许进行远程Web登录的主机IP地址..............................................................................4-94.6.5 配置TR069管理平台............................................................................................................4-114.6.6 配置SNMP Trap上报主机地址和SNMP管理地址.................................................................4-124.6.7 配置远程Syslog主机地址......................................................................................................4-134.6.8 配置远程Userlog主机地址....................................................................................................4-144.7 配置状态检查...................................................................................................................................4-164.8 保存配置..........................................................................................................................................4-164.8.1 配置保存...............................................................................................................................4-164.8.2 装箱......................................................................................................................................4-185 产品安装............................................................................................................................................5-15.1 现场连接............................................................................................................................................5-15.2 设备加电............................................................................................................................................5-25.3 客户信息交付和告知..........................................................................................................................5-25.4 连接状态检测.....................................................................................................................................5-26 基本功能配置.....................................................................................................................................6-16.1 修改宽带上网参数.............................................................................................................................6-16.2 配置页面访问密码修改......................................................................................................................6-26.3 无线组网............................................................................................................................................6-36.3.1 使用出厂预配置的无线网络....................................................................................................6-36.3.2 添加新的无线网络...................................................................................................................6-36.4 访问控制............................................................................................................................................6-66.5 入侵检测............................................................................................................................................6-96.6 Web过滤..........................................................................................................................................6-126.6.1 功能简介...............................................................................................................................6-126.6.2 配置举例...............................................................................................................................6-166.7 IPS(入侵防御系统).....................................................................................................................6-216.8 防病毒.............................................................................................................................................6-216.9 应用程序控制...................................................................................................................................6-226.10 日志配置........................................................................................................................................6-236.11 会话管理........................................................................................................................................6-246.11.1 查看会话列表......................................................................................................................6-246.11.2 配置会话基本设置...............................................................................................................6-256.11.3 配置会话高级设置...............................................................................................................6-266.11.4 配置会话统计使能状态.......................................................................................................6-277 高级功能配置.....................................................................................................................................7-17.1 双线上行(双WAN连接).................................................................................................................7-17.1.1 综述........................................................................................................................................7-17.2 NAT(包含DMZ及虚拟服务器).......................................................................................................7-57.2.1 综述........................................................................................................................................7-57.2.2 配置举例(以GE0/1上配置NAT为例):..............................................................................7-5 7.3 DNS...................................................................................................................................................7-97.3.1 综述........................................................................................................................................7-97.3.2 配置......................................................................................................................................7-10 7.4 DHCP Server..................................................................................................................................7-117.4.1 综述......................................................................................................................................7-117.4.2 配置......................................................................................................................................7-12 7.5 内网网段划分及控制........................................................................................................................7-157.5.1 综述......................................................................................................................................7-157.5.2 配置......................................................................................................................................7-15 7.6 静态路由..........................................................................................................................................7-187.6.1 综述......................................................................................................................................7-187.6.2 配置......................................................................................................................................7-18 7.7 ARP管理..........................................................................................................................................7-197.7.1 ARP表...................................................................................................................................7-197.7.2 免费ARP...............................................................................................................................7-207.7.3 动态表项管理........................................................................................................................7-21 7.8 ARP防攻击......................................................................................................................................7-227.8.1 综述......................................................................................................................................7-227.8.2 配置......................................................................................................................................7-22 7.9 负载均衡..........................................................................................................................................7-247.9.1 综述......................................................................................................................................7-247.9.2 配置......................................................................................................................................7-24 7.10 虚拟专网(IPSec VPN)..............................................................................................................7-287.10.1 综述....................................................................................................................................7-287.10.2 配置....................................................................................................................................7-29 7.11 L2TP..............................................................................................................................................7-397.11.1 综述....................................................................................................................................7-397.11.2 配置....................................................................................................................................7-39 7.12 GRE..............................................................................................................................................7-427.12.1 综述....................................................................................................................................7-427.12.2 配置....................................................................................................................................7-42 7.13 流量监管........................................................................................................................................7-477.13.1 综述....................................................................................................................................7-477.13.2 配置举例.............................................................................................................................7-477.14 服务质量保证(QoS)..................................................................................................................7-497.14.1 综述....................................................................................................................................7-497.14.2 网段带宽限速配置...............................................................................................................7-507.14.3 高级带宽限速配置...............................................................................................................7-507.14.4 高级带宽保证配置...............................................................................................................7-527.15 无线加密/鉴权等配置.....................................................................................................................7-547.15.1 综述....................................................................................................................................7-547.15.2 配置....................................................................................................................................7-568 设备恢复和升级.................................................................................................................................8-18.1 恢复到开通前预配置..........................................................................................................................8-18.2 恢复到出厂预配置.............................................................................................................................8-18.3 设备升级............................................................................................................................................8-28.4 特征库升级........................................................................................................................................8-38.5 特征库License...................................................................................................................................8-49 设备运行状态查看..............................................................................................................................9-19.1 设备状态查看.....................................................................................................................................9-19.1.1 设备信息.................................................................................................................................9-19.1.2 接口状态.................................................................................................................................9-19.1.3 路由信息.................................................................................................................................9-29.1.4 VPN状态.................................................................................................................................9-29.1.5 无线状态.................................................................................................................................9-39.2 设备日志查看.....................................................................................................................................9-39.2.1 综述........................................................................................................................................9-39.2.2 设备访问日志..........................................................................................................................9-39.2.3 设备安全日志..........................................................................................................................9-410 故障诊断和处理方法......................................................................................................................10-110.1 常见故障列表.................................................................................................................................10-110.2 远程诊断........................................................................................................................................10-110.3 现场故障处理.................................................................................................................................10-210.4 诊断工具使用介绍.........................................................................................................................10-210.4.1 Ping工具.............................................................................................................................10-210.4.2 路由追踪工具(TraceRoute)............................................................................................10-3附录A 设备出厂预配置清单. (1)附录B Windows XP无线客户端配置 (1)附录C Windows XP配置动态获取IP地址 (1)附录D IPSec VPN客户端配置 (1)附录E 配置界面简介 (1)1 前言1.1 概述本手册面向H3C SecPath U200-C统一威胁管理产品的安装维护和技术支持工程师,用于指导其安装维护操作。

  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
可以快速地浏览各种互联网上的信息,可进行网上交谈、收发电 子邮件、获得所需要的信息等。 z 组建多个内部局域网功能,实现各局域网间安全隔离。通过 VLAN 功能用户能方便地在网络中快捷地组建宽带网络,而无需改变任 何硬件和通信线路。 z 无线内部组网功能,为您提供灵活方便的接入方式,您可以使用 支持无线网卡的电脑通过无线网络接入局域网,省去了连接电脑 与网络的网线,在您布线受限的条件下更能显出其优越性。您还 可针对不同部门设置不同的无线网络名称,设置不同的访问权限 和安全机制,例如为来访人员设置专用的无线网络名称。为避免 各无线网络之间的相互干扰,提供自动信道选择和手工配置两种 方式,默认采用自动信道选择方式。 z 完善的防火墙功能,基于 URL 的内容过滤、基于 IP 地址、IP 地 址段或基于用户的访问控制,保证内网安全。例如,您可以设置 URL 地址,过滤指定网站;设置 URL 关键字,过滤相关网站。您 还可以禁止部分电脑在工作日的 9:00-17:00 访问某些游戏娱 乐网站。 z 强大的入侵检测功能,本产品的入侵检测功能能够检测拒绝服务 (DoS)、扫描窥探、畸形报文等多种类型的攻击,并对攻击采 取合理的防范措施。包括黑名单过滤、报文攻击特征识别、流量 异常检测、入侵检测统计等。它分析经过本设备的报文的·············································································· 5-12 5.8 IPSec VPN ················································································· 5-14 5.9 入侵检测 ····················································································· 5-26 5.10 Web过滤··················································································· 5-30
目录
1 前言········································································································· 1-1 2 安全注意事项 ·························································································· 2-1 3 产品介绍·································································································· 3-1
3.3.1 前面板 ················································································ 3-3 3.3.2 后面板 ················································································ 3-5 4 基本连接配置 ·························································································· 4-1 4.1 建立有线连接················································································ 4-1 4.2 开启电源 ······················································································· 4-2 4.3 建立无线连接················································································ 4-2 5 业务功能介绍 ·························································································· 5-1 5.1 配置前的准备················································································ 5-1 5.1.1 登录Web配置界面······························································ 5-1 5.1.2 登录命令行配置界面 ·························································· 5-3 5.2 用户密码修改················································································ 5-4 5.3 配置接口IP地址 ············································································ 5-5 5.4 配置接口安全域 ············································································ 5-5 5.5 宽带上网 ······················································································· 5-6 5.6 无线组网 ······················································································· 5-7 5.6.1 使用出厂预配置的无线网络 ··············································· 5-7 5.6.2 添加新的无线网络······························································ 5-7
如果长时间使用设备,外壳会有一定程度的发热。请不必担心,这属 于正常现象,设备依旧能正常工作。
2-1
3 产品介绍
3.1 主要功能
本产品已经为您做了全面的预配置工作,您不再需要进行任何配置, 正确连接后即可使用。 本产品还为您提供了灵活的功能选项,您可以根据自己的需求进行功 能选择,您可以使用的功能包括: z 高速宽带上网功能,支持现行各种接入认证方式。通过此功能您
ii
1 前言
SecPath U200-C 统一威胁管理产品是 H3C 公司专门为品牌客户定制 的一款功能强大、性能卓越的终端产品,向您提供了一个灵活、安全 和完备的企业网络解决方案。它的配置简单、操作方便、使用灵活、 安全可靠。为了您更有效的了解和使用本产品,我们向您提供本产品 的用户使用手册,请您仔细阅读。 本手册包含: z 安全注意事项 z 产品介绍 z 基本连接配置 z 业务功能介绍 z 快速故障定位 z 附录A Windows XP配置动态获取IP地址 z 附录B IPSec VPN客户端配置
燥,以免引起触电或其它危险;请不要使用已破损或老化的电源 线。 z 请勿在无人监管的情况下让儿童使用设备;请勿让儿童玩耍设备 及小配件,避免因吞咽等行为产生危险。 z 如有不正常现象出现,如:冒烟、声音异常、有异味等,请立刻 停止使用,并断开电源,拔出电源插头。 z 安放设备时请在四周和顶部留出 10cm 以上的散热空间,并远离 热源或裸露的火源,例如电暖器、蜡烛等。 z 请勿在设备以及电源线或电源插头上放置任何物体。请不要拿物 体覆盖机箱的通风口。 z 清洁前,请先停止使用设备并切断电源。清洁时,请使用柔软的 干布擦拭设备外壳。 z 请勿自行拆卸设备,设备发生故障时请联系指定的维修点。
3.1 主要功能 ······················································································· 3-1 3.2 规格 ······························································································ 3-2 3.3 外观 ······························································································ 3-3
1-1
2 安全注意事项
在设备的安装和使用中,请注意下列安全事项: z 遇到雷雨天气时请停止使用设备,并断开电源,拔出电源线和电
话线,以免设备遭雷击损坏 z 请将设备放置于平稳工作台上,并安放在通风、无强光直射的环
境中。 z 在存储、运输和使用设备的过程中,必须严格保持干燥。若有液
体意外流入机箱,请立即断开电源,并与指定的维修点联系。 z 请使用设备配套的电源适配器等配件。请保持电源插头清洁、干
5.10.1 网站地址过滤 ································································· 5-31 5.10.2 URL参数过滤 ································································· 5-33 5.10.3 Java阻断 ········································································ 5-34 5.10.4 ActiveX阻断 ··································································· 5-35 5.11 防病毒······················································································· 5-36 5.12 高级网络功能············································································ 5-37 5.13 恢复到出厂配置 ········································································ 5-37 6 快速故障定位 ·························································································· 6-1 附录A Windows XP配置动态获取IP地址······················································· 1 附录B IPSec VPN客户端配置 ······································································· 1