h3c防火墻怎么樣設置
h3c防火墻怎么樣設置
h3c防火墻設置是怎么樣的呢?想讓防火墻更有效的防護我的h3c,該怎么辦呢?下面由學習啦小編給你做出詳細的h3c防火墻設置介紹!希望對你有幫助!
h3c防火墻設置一:
1、配置要求
1)防火墻的E0/2接口為TRUST區(qū)域,ip地址是:192.168.254.1/29;
2)防火墻的E1/2接口為UNTRUST區(qū)域,ip地址是:202.111.0.1/27;
3)內(nèi)網(wǎng)服務器對外網(wǎng)做一對一的地址映射,192.168.254.2、192.168.254.3分別映射為202.111.0.2、202.111.0.3;
4)內(nèi)網(wǎng)服務器訪問外網(wǎng)不做限制,外網(wǎng)訪問內(nèi)網(wǎng)只放通公網(wǎng)地址211.101.5.49訪問192.168.254.2的1433端口和192.168.254.3的80端口。
2、防火墻的配置腳本如下
#
sysname H3CF100A
#
super password level 3 cipher 6aQ>Q57-$.I)0;4:\(I41!!!
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
nat static inside ip 192.168.254.2 global ip 202.111.0.2
nat static inside ip 192.168.254.3 global ip 202.111.0.3
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user net1980
password cipher ######
service-type telnet
level 2
#
aspf-policy 1
detect h323
detect sqlnet
detect rtsp
detect http
detect smtp
detect ftp
detect tcp
detect udp
#
object address 192.168.254.2/32 192.168.254.2 255.255.255.255
object address 192.168.254.3/32 192.168.254.3 255.255.255.255
#
acl number 3001
description out-inside
rule 1 permit tcp source 211.101.5.49 0 destination 192.168.254.2 0 destination-port eq 1433
rule 2 permit tcp source 211.101.5.49 0 destination 192.168.254.3 0 destination-port eq www
rule 1000 deny ip
acl number 3002
description inside-to-outside
rule 1 permit ip source 192.168.254.2 0
rule 2 permit ip source 192.168.254.3 0
rule 1000 deny ip
#
interface Aux0
async mode flow
#
interface Ethernet0/0
shutdown
#
interface Ethernet0/1
shutdown
#
interface Ethernet0/2
speed 100
duplex full
description to server
ip address 192.168.254.1 255.255.255.248
firewall packet-filter 3002 inbound
firewall aspf 1 outbound
#
interface Ethernet0/3
shutdown
#
interface Ethernet1/0
shutdown
#
interface Ethernet1/1
shutdown
#
interface Ethernet1/2
speed 100
duplex full
description to internet
ip address 202.111.0.1 255.255.255.224
firewall packet-filter 3001 inbound
firewall aspf 1 outbound
nat outbound static
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/2
set priority 85
#
firewall zone untrust
add interface Ethernet1/2
set priority 5
#
firewall zone DMZ
add interface Ethernet0/3
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
ip route-static 0.0.0.0 0.0.0.0 202.111.0.30 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
h3c防火墻設置二:
1、可以找一下買給你設備的人,讓他給你找人來上門服務。
2、也可以自己到官網(wǎng)上看看配置手冊。
h3c防火墻設置三:
一般步驟是:
1、配置接口地址,包括公網(wǎng)IP和內(nèi)網(wǎng)網(wǎng)關地址,
2、創(chuàng)建訪問列表,開放IP訪問,
3、做NAT轉(zhuǎn)換,
4、做DHCP,為局域網(wǎng)電腦分配IP。
一般接法是:
互聯(lián)網(wǎng)——防火墻——路由器——交換機,
防火墻做NAT地址轉(zhuǎn)換及流量控制,
路由器可做DHCP服務器,
交換機可做VLAN劃分。
看了“ h3c防火墻怎么樣設置”文章的還看了:
1.h3c路由器教程
2.isa如何限速