H3C Firewall Configuration Example
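This article presents an H3C firewall configuration example. It covers configuring interface IP addresses, zones, NAT address translation, and access policies. The network topology and requirements are as follows.
1. Network topology diagram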
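[Figure: network topology. H3C F100A firewall; outside interface E1/2 (Internet side), 202.111.0.1/27; inside interface E0/2, 192.168.254.1/24; 192.168.254.2/24 on the inside network.]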
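2. Configuration requirements
1) The firewall's E0/2 interface is in the TRUST zone; its IP address is: ;
2) The firewall's E1/2 interface is in the UNTRUST zone; its IP address is: ;
3) The internal servers are mapped one-to-one to external addresses: , are mapped to , respectively;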
4) Access from the internal servers to the external network is unrestricted; from the external network to the internal network, only access through the public addresses to port 1433 on and port 80 on is allowed.
3. The firewall configuration script is as follows
#
super password level 3 cipher 6aQ>Q57-$.l)0;4:\(l41!!!
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
nat static inside ip global ip
nat static inside ip global ip
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user net1980
password cipher ######
service-type telnet
level 2
#
aspf-policy 1
detect h323
detect sqlnet
detect rtsp
detect http
detect smtp
detect ftp
detect tcp
detect udp
#
acl number 3001
description out-inside
rule 1 permit tcp source 0 destination 0 destination-port eq 1433
rule 2 permit tcp source 0 destination 0 destination-port eq www
rule 1000 deny ip
acl number 3002
description inside-to-outside
rule 1 permit ip source 0
rule 2 permit ip source 0
rule 1000 deny ip
#
interface Aux0
async mode flow
#
interface Ethernet0/0
shutdown
#
interface Ethernet0/1
shutdown
#
interface Ethernet0/2
speed 100
duplex full
description to server
ip address
firewall packet-filter 3002 inbound
firewall aspf 1 outbound
#
interface Ethernet0/3
shutdown
#
interface Ethernet1/0
shutdown
#
interface Ethernet1/1
shutdown
#
interface Ethernet1/2
speed 100
duplex full
description to internet
ip address
firewall packet-filter 3001 inbound
firewall aspf 1 outbound
nat outbound static
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/2
set priority 85
#
firewall zone untrust
add interface Ethernet1/2
set priority 5
#
firewall zone DMZ
add interface Ethernet0/3
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
ip route-static preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
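The script sets `firewall packet-filter default permit`, so requirement 4 is enforced only by the closing `rule 1000 deny ip` in ACL 3001. The following added example (not part of the original document, and not H3C code) models that interaction, assuming rules are tried in rule-ID order with the first match winning and the packet-filter default applied when no rule matches. The addresses are constructed stand-ins from the RFC 5737 documentation range because the page's own are missing, the source clause (also incomplete on the page) is left out, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins (RFC 5737 range) for the addresses missing from the page.
ACL_3001 = """
rule 1 permit tcp destination 203.0.113.2 0 destination-port eq 1433
rule 2 permit tcp destination 203.0.113.3 0 destination-port eq www
rule 1000 deny ip
"""
PORT_NAMES = {"www": 80}
DEFAULT_ACTION = "permit"  # from the page: firewall packet-filter default permit

def parse_acl(text):
    """Parse 'rule N action proto [destination IP WILDCARD] [destination-port eq P]'."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        rule = {"id": int(tok[1]), "action": tok[2], "proto": tok[3],
                "dst": None, "dport": None}
        if "destination" in tok:
            i = tok.index("destination")
            # A wildcard written as "0" is shorthand for 0.0.0.0 (exact host match).
            wc = 0 if tok[i + 2] == "0" else int(ipaddress.IPv4Address(tok[i + 2]))
            rule["dst"] = (int(ipaddress.IPv4Address(tok[i + 1])), wc)
        if "destination-port" in tok:
            port = tok[tok.index("destination-port") + 2]
            rule["dport"] = PORT_NAMES.get(port) or int(port)
        rules.append(rule)
    return sorted(rules, key=lambda r: r["id"])

def matches(rule, proto, dst, dport):
    """True when the packet satisfies every field the rule specifies."""
    if rule["proto"] not in ("ip", proto):
        return False
    if rule["dst"] is not None:
        addr, wc = rule["dst"]
        care = ~wc & 0xFFFFFFFF  # bits the wildcard says must match
        if (int(ipaddress.IPv4Address(dst)) & care) != (addr & care):
            return False
    return rule["dport"] is None or rule["dport"] == dport

def evaluate(rules, default, proto, dst, dport):
    """Return (action, rule id); rule id is None when the default decided."""
    for rule in rules:
        if matches(rule, proto, dst, dport):
            return rule["action"], rule["id"]
    return default, None

RULES = parse_acl(ACL_3001)
```

Calling `evaluate(RULES[:-1], DEFAULT_ACTION, "tcp", "203.0.113.2", 3389)` shows what removing rule 1000 would do: the packet falls through to the default and is permitted.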