H3C Firewall Configuration Example

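This article walks through an H3C firewall configuration example. It covers configuring interface IP addresses, zones, NAT address translation and access policies. The network topology and requirements are as follows.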

1. Network topology

[Topology diagram: outside interface E1/2, 202.111.0.1/27; firewall H3CF100A; inside interface E0/2, 192.168.254.1/24; 192.168.254.2/24]

2. Configuration requirements

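1) The firewall's E0/2 interface is in the TRUST zone; its IP address is: ;

2) The firewall's E1/2 interface is in the UNTRUST zone; its IP address is: ;

3) The internal servers are given one-to-one address mappings to the external network; , are mapped to , respectively;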

4) The internal servers may access the external network without restriction; from the external network to the internal network, only public-address access to port 1433 of  and port 80 of  is allowed through.

3. The firewall configuration script is as follows

dis cur

sysname H3CF100A

#

super password level 3 cipher 6aQ>Q57-$.l)0;4:\(l41!!!

#

firewall packet-filter enable

firewall packet-filter default permit

#

insulate

#

nat static inside ip global ip

nat static inside ip global ip

firewall statistic system enable

#

radius scheme system

server-type extended

#

domain system

#

local-user net1980

password cipher ######

service-type telnet

level 2

#

aspf-policy 1

detect h323

detect sqlnet

detect rtsp

detect http

detect smtp

detect ftp

detect tcp

detect udp

#

object address address

acl number 3001

description out-inside

rule 1 permit tcp source 0 destination 0 destination-port eq 1433

rule 2 permit tcp source 0 destination 0 destination-port eq www

rule 1000 deny ip

acl number 3002

description inside-to-outside

rule 1 permit ip source 0

rule 2 permit ip source 0

rule 1000 deny ip

#

interface Aux0

async mode flow

#

interface Ethernet0/0

shutdown

#

interface Ethernet0/1

shutdown

#

interface Ethernet0/2

speed 100

duplex full

description to server

ip address

firewall packet-filter 3002 inbound

firewall aspf 1 outbound

#

interface Ethernet0/3

shutdown

#

interface Ethernet1/0

shutdown

#

interface Ethernet1/1

shutdown

#

interface Ethernet1/2

speed 100

duplex full

description to internet

ip address

firewall packet-filter 3001 inbound

firewall aspf 1 outbound

nat outbound static

#

interface NULL0

#

firewall zone local

set priority 100

#

firewall zone trust

add interface Ethernet0/2

set priority 85

#

firewall zone untrust

add interface Ethernet1/2

set priority 5

#

firewall zone DMZ

add interface Ethernet0/3

set priority 50

#

firewall interzone local trust

#

firewall interzone local untrust

#

firewall interzone local DMZ

#

firewall interzone trust untrust

#

firewall interzone trust DMZ

#

firewall interzone DMZ untrust

#

ip route-static preference 60

#

user-interface con 0

user-interface aux 0

user-interface vty 0 4

authentication-mode scheme

#

return
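
An added example, not part of the original document: a small Python check that reads a configuration written in the style above and flags the settings that decide what gets through when `firewall packet-filter default permit` is set, plus Telnet management logins. The finding tags and the sample addresses are constructed for illustration, and the check assumes the default action applies to packets that no ACL rule matches.

```python
import re

# Constructed sample in the page's style; addresses are documentation ranges.
SAMPLE = """
firewall packet-filter default permit
#
local-user net1980
 service-type telnet
#
acl number 3001
 rule 1 permit tcp source 198.51.100.10 0 destination 192.0.2.2 0 destination-port eq 1433
 rule 1000 deny ip
acl number 3002
 rule 1 permit ip source 192.0.2.2 0
#
interface Ethernet0/2
 firewall packet-filter 3002 inbound
#
interface Ethernet1/2
 ip address 203.0.113.1 255.255.255.224
"""

def parse_sections(config):
    """Return (global lines, {(kind, name): sub-commands}); '#' ends a section."""
    globals_, sections, current = [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        header = re.match(r"(acl number|interface|local-user) (\S+)$", line)
        if line == "#":
            current = None
        elif header:
            current = sections.setdefault(header.groups(), [])
        elif line:
            (globals_ if current is None else current).append(line)
    return globals_, sections

def audit(config):
    """List hypothetical finding tags; ACL and interface checks apply under default permit."""
    globals_, sections = parse_sections(config)
    permit = "firewall packet-filter default permit" in globals_
    findings = ["default-permit"] if permit else []
    for (kind, name), body in sections.items():
        has = lambda pat: any(re.fullmatch(pat, cmd) for cmd in body)
        if kind == "local-user" and has(r"service-type telnet"):
            findings.append("telnet-login:" + name)
        if kind == "acl number" and permit and not has(r"rule \d+ deny ip"):
            findings.append("acl-no-final-deny:" + name)
        if (kind == "interface" and permit and name.startswith("Ethernet")
                and not has(r"shutdown|firewall packet-filter \d+ inbound")):
            findings.append("unfiltered-interface:" + name)
    return findings
```

Calling `audit(SAMPLE)` reports the default-permit setting, the Telnet login, the ACL that lacks a closing `deny ip` rule, and the active interface with no inbound packet filter. The parser keys on command keywords rather than indentation, so it also accepts text whose leading spaces were lost in extraction.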