您好,欢迎访问三七文档
防火墙配置:SRGdiscurrent-configuration#显示当前配置[SRG]stpregion-configuration#进入MST视图[SRG]activeregion-configuration#激活MST配置[SRG]interfaceGigabitEthernet0/0/0#进入GE0/0/0端口[SRG-GigabitEthernet0/0/0]aliasGE0/GMT#别名GE0管理[SRG-GigabitEthernet0/0/0]ipadd192.168.100.1255.255.255.0#端口配置IP[SRG-GigabitEthernet0/0/0]dhcpselectinterface#客户端从接口地址池中通过dhcp自动获取IP地址[SRG-GigabitEthernet0/0/0]dhcpservergateway-list192.168.100.1#DHCP服务默认网关[SRG-GigabitEthernet0/0/0]dhcpserverdns-list8.8.8.8#DNCP默认DNS[SRG-GigabitEthernet0/0/1]ipadd192.168.200.1255.255.255.0#配置端口IP[SRG-GigabitEthernet0/0/2]ipadd211.1.1.1255.255.255.0#配置公网IP[SRG]interfaceNULL0#建立伪接口,进行包的分发。当宝的目的和路由不匹配时候,则通过NULL0丢弃ps:如果通过默认路由进行分发的话就会形成环路[SRG]firewallzoneuntrust#进入防火墙不信任区域[SRG-zone-trust]addinterfaceGigabitEthernet0/0/2#添加不信任区域端口[SRG]firewallzonetrust#进入防火墙信任区域[SRG-zone-trust]addinterfaceGigabitEthernet0/0/0#添加信任区域端口[SRG]firewallzonedmz#进入防火墙了隔离区域[SRG-zone-trust]addinterfaceGigabitEthernet0/0/1#添加隔离区域端口[SRG]firewallzonenameusr1#添加区域[SRG-zone-usr1]setpriority86#设置优先级[SRG-zone-usr1]addinterfaceGigabitEthernet0/0/8#添加端口[SRG-zone-usr1]aaa#aaa认证协议[SRG-aaa]local-useradminpasswordcipher123456#设置用户名和加密密码[SRG-aaa]local-useradminservice-typewebterminaltelnet#允许三种登入方式[SRG-aaa]local-useradminlevel15#设置等级为15级[SRG-aaa]authentication-schemedefault#验证方式默认及本地设备验证[SRG-aaa]authorization-schemedefault#验证方式默认及本地设备验证[SRG-aaa]accounting-schemedefault#验证方式默认及本地设备验证[SRG-aaa]domaindefault#域缺省[SRG]nqa-jittertag-version1[SRG]bannerenable[SRG]user-interfacecon0[SRG-ui-console0]authentication-modeaaa允许登陆模式为aaa[SRG]user-interfacevty04[SRG-ui-vty0-4]uthentication-modeaaa[SRG-ui-vty0-4]protocolinboundall#允许所有登陆协议[SRG]slb#负载均衡[SRG-slb]rserver1rip192.168.200.201weight32healthchk[SRG-slb]rserver2rip192.168.200.202weight32healthchk[SRG-slb]rserver3rip192.168.200.203weight32healthchk[SRG-slb]groupg1[SRG-slb-group-g1]metricroundrobin#加权轮询算法分配连接[SRG-slb-group-g1]addrserver1[SRG-slb-group-g1]addrserver2[SRG-slb-group-g1]addrserver3[SRG-slb]vserverser1vip211.1.1.200groupg1[SRG]firewallpacket-filterdefaultpermitinterzonelocaltrustdirectioninbound[SRG]firewallpacket-filterdefaultpermitinterzonelocaltrustdirectionoutbound#开启域间包过滤规则使得local和trust能ping通[SRG]firewallpacket-filterdefaultpermitinterzonelocaluntrustdirectioninbound[SRG]firewallpacket-filterdefaultpermitinterzonelocaluntrustdirectionoutbound[SRG]firewallpacket-filterdefaultpermitinterzonelocaldmzdirectioninbound[SRG]firewallpacket-filterdefaultpermitinterzonelocaldmzdirectionoutbound[SRG]firewallpacket-filterdefaultpermitinterzonedmzuntrustdirectionoutbound
三七文档所有资源均是用户自行上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作他用。
扫描二维码
冥帅
本文标题:华为防火墙配置
链接地址:https://www.777doc.com/doc-6037468 .html