H3C SecPath F100 configuration and management

2010-01-17 10:12
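Below is a typical configuration for the H3C F100 series firewall. I hope it helps those who are new to this firewall; if you have any comments, feel free to contact me.

[F100-A]dis current-configuration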
#
sysname F100-A
#
undo firewall packet-filter enable
firewall packet-filter default permit
#
undo insulate
#
undo connection-limit enable
connection-limit default deny
connection-limit default amount upper-limit 50 lower-limit 20
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user egb--aq
password cipher ]#R=WG;'I/ZGL^3L[[\1-A!!
service-type telnet
level 3
#
aspf-policy 1
detect http
detect smtp
detect ftp
detect tcp
detect udp
#
acl number 2000
rule 0 permit source 192.168.0.0 0.0.0.255
rule 1 deny
#
interface Virtual-Template1
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.0.1 255.255.255.0
#
interface Ethernet1/0
ip address 121.81.231.130 255.255.255.224
ip address 121.81.231.132 255.255.255.224 sub
ip address 121.81.231.133 255.255.255.224 sub
ip address 121.81.231.134 255.255.255.224 sub
ip address 121.81.231.135 255.255.255.224 sub
ip address 121.81.231.136 255.255.255.224 sub
ip address 121.81.231.137 255.255.255.224 sub
ip address 121.81.231.138 255.255.255.224 sub
ip address 121.81.231.139 255.255.255.224 sub
ip address 121.81.231.131 255.255.255.224 sub
nat outbound 2000
nat server protocol tcp global 121.81.231.136 3000 inside 192.168.0.6 3000
nat server protocol tcp global 121.81.231.136 6000 inside 192.168.0.6 6000
nat server protocol tcp global 121.81.231.132 ftp inside 192.168.0.3 ftp
nat server protocol tcp global 121.81.231.132 5631 inside 192.168.0.3 5631
nat server protocol tcp global 121.81.231.132 43958 inside 192.168.0.3 43958
nat server protocol tcp global 121.81.231.134 ftp inside 192.168.0.4 ftp
nat server protocol tcp global 121.81.231.134 www inside 192.168.0.4 www
nat server protocol tcp global 121.81.231.134 5631 inside 192.168.0.4 5631
nat server protocol tcp global 121.81.231.134 43958 inside 192.168.0.4 43958
nat server protocol tcp global 121.81.231.135 ftp inside 192.168.0.5 ftp
nat server protocol tcp global 121.81.231.135 58169 inside 192.168.0.5 58169
nat server protocol tcp global 121.81.231.135 www inside 192.168.0.5 www
nat server protocol tcp global 121.81.231.135 43958 inside 192.168.0.5 43958
nat server protocol tcp global 121.81.231.136 ftp inside 192.168.0.6 ftp
nat server protocol tcp global 121.81.231.136 smtp inside 192.168.0.6 smtp
nat server protocol tcp global 121.81.231.136 www inside 192.168.0.6 www
nat server protocol tcp global 121.81.231.136 81 inside 192.168.0.6 81
nat server protocol tcp global 121.81.231.136 82 inside 192.168.0.6 82
nat server protocol tcp global 121.81.231.136 83 inside 192.168.0.6 83
nat server protocol tcp global 121.81.231.136 84 inside 192.168.0.6 84
nat server protocol tcp global 121.81.231.136 pop3 inside 192.168.0.6 pop3
nat server protocol tcp global 121.81.231.136 1433 inside 192.168.0.6 1433
nat server protocol tcp global 121.81.231.136 5150 inside 192.168.0.6 5150
nat server protocol tcp global 121.81.231.136 5631 inside 192.168.0.6 5631
nat server protocol tcp global 121.81.231.136 58169 inside 192.168.0.6 58169
nat server protocol tcp global 121.81.231.136 8080 inside 192.168.0.6 8080
nat server protocol tcp global 121.81.231.136 43958 inside 192.168.0.6 43958
nat server protocol tcp global 121.81.231.138 smtp inside 192.168.0.8 smtp
nat server protocol tcp global 121.81.231.138 www inside 192.168.0.8 www
nat server protocol tcp global 121.81.231.138 pop3 inside 192.168.0.8 pop3
nat server protocol tcp global 121.81.231.138 5631 inside 192.168.0.8 5631
nat server protocol tcp global 121.81.231.138 58169 inside 192.168.0.8 58169
nat server protocol tcp global 121.81.231.137 ftp inside 192.168.0.9 ftp
nat server protocol tcp global 121.81.231.137 www inside 192.168.0.9 www
nat server protocol tcp global 121.81.231.132 www inside 192.168.0.3 www
nat server protocol tcp global 121.81.231.137 81 inside 192.168.0.9 81
nat server protocol tcp global 121.81.231.137 82 inside 192.168.0.9 82
nat server protocol tcp global 121.81.231.137 83 inside 192.168.0.9 83
nat server protocol tcp global 121.81.231.137 1433 inside 192.168.0.9 1433
nat server protocol tcp global 121.81.231.137 5631 inside 192.168.0.9 5631
nat server protocol tcp global 121.81.231.137 43958 inside 192.168.0.9 43958
nat server protocol tcp global 121.81.231.137 58169 inside 192.168.0.9 58169
nat server protocol tcp global 121.81.231.136 88 inside 192.168.0.6 88
nat server protocol tcp global 121.81.231.137 84 inside 192.168.0.9 84
nat server protocol tcp global 121.81.231.137 85 inside 192.168.0.9 85
nat server protocol tcp global 121.81.231.137 86 inside 192.168.0.9 86
nat server protocol tcp global 121.81.231.137 87 inside 192.168.0.9 87
nat server protocol tcp global 121.81.231.137 88 inside 192.168.0.9 88
nat server protocol tcp global 121.81.231.137 smtp inside 192.168.0.9 smtp
nat server protocol tcp global 121.81.231.137 8080 inside 192.168.0.9 8080
nat server protocol tcp global 121.81.231.137 5080 inside 192.168.0.9 5080
nat server protocol tcp global 121.81.231.137 1935 inside 192.168.0.9 1935
nat server protocol udp global 121.81.231.137 5555 inside 192.168.0.9 5555
nat server protocol tcp global 121.81.231.132 58169 inside 192.168.0.3 58169
nat server protocol tcp global 121.81.231.134 58169 inside 192.168.0.4 58169
nat server protocol tcp global 121.81.231.135 5631 inside 192.168.0.5 5631
nat server protocol tcp global 121.81.231.136 6100 inside 192.168.0.6 6100
nat server protocol tcp global 121.81.231.139 www inside 192.168.0.12 www
nat server protocol tcp global 121.81.231.139 58169 inside 192.168.0.12 58169
nat server protocol tcp global 121.81.231.139 58189 inside 192.168.0.12 58189
nat server protocol tcp global 121.81.231.139 5631 inside 192.168.0.12 5631
nat server protocol tcp global 121.81.231.137 89 inside 192.168.0.9 89
nat server protocol tcp global 121.81.231.134 58269 inside 192.168.0.4 58269
nat server protocol udp global 121.81.231.134 58269 inside 192.168.0.4 58269
nat server protocol tcp global 121.81.231.133 www inside 192.168.0.13 www
nat server protocol tcp global 121.81.231.135 1935 inside 192.168.0.5 1935
nat server protocol tcp global 121.81.231.135 5080 inside 192.168.0.5 5080
nat server protocol tcp global 121.81.231.132 1755 inside 192.168.0.3 1755
nat server protocol tcp global 121.81.231.137 1755 inside 192.168.0.9 1755
nat server protocol tcp global 121.81.231.137 554 inside 192.168.0.9 554
nat server protocol tcp global 121.81.231.135 5551 inside 192.168.0.5 5551
nat server protocol tcp global 121.81.231.131 www inside 192.168.0.204 www
nat server protocol tcp global 121.81.231.134 81 inside 192.168.0.4 81
nat server protocol tcp global 121.81.231.136 1935 inside 192.168.0.6 1935
nat server protocol tcp global 121.81.231.140 www inside 192.168.0.10 www
nat server protocol udp global 121.81.231.137 dns inside 192.168.0.9 dns
nat server protocol tcp global 121.81.231.135 58189 inside 192.168.0.5 58189
nat server protocol tcp global 121.81.231.141 www inside 192.168.0.11 www
#
interface Ethernet1/1
#
interface Ethernet1/2
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
statistic enable ip inzone
statistic enable ip outzone
#
firewall zone untrust
add interface Ethernet1/0
add interface Ethernet1/1
add interface Ethernet1/2
set priority 5
statistic enable ip inzone
statistic enable ip outzone
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
undo info-center enable
#
FTP server enable
#
ip route-static 0.0.0.0 0.0.0.0 121.81.231.129 preference 1
#
firewall defend ip-spoofing
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-reverse-query
firewall defend arp-flood
firewall defend frag-flood
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
firewall defend syn-flood zone trust
firewall defend udp-flood zone trust
firewall defend syn-flood zone untrust
firewall defend udp-flood zone untrust
#
user-interface con 0
authentication-mode password
set authentication password cipher XB-'KG=+=J^UJ;&DL'U46Q!!
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
[F100-A]
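
A way to review a dump like the one above before reusing it, as an added example that is not part of the original post: the script undoes the mid-command line wraps, parses every `nat server` mapping, and lists device-wide settings and published ports worth checking. The `REVIEW_PORTS` list and the wording of the findings are assumptions of this example; `SAMPLE` is an excerpt of the configuration above.

```python
import re

# Comware service keywords used in the dump above -> port numbers.
NAMED_PORTS = {"ftp": 21, "smtp": 25, "dns": 53, "www": 80, "pop3": 110}
# Assumed review list (not from the post): IANA names for two published ports.
REVIEW_PORTS = {1433: "ms-sql-s", 5631: "pcanywheredata"}
# Device-wide commands from the dump that deserve a second look, with the reason.
GLOBAL_CHECKS = {
    "firewall packet-filter default permit": "packet filter defaults to permit",
    "undo info-center enable": "information center (logging) is off",
    "FTP server enable": "FTP server on the firewall itself is on",
    "service-type telnet": "local user is allowed telnet login",
}
NAT_RE = re.compile(
    r"nat server protocol (tcp|udp) global (\S+) (\S+) inside (\S+) (\S+)")

# Excerpt of the dump above, keeping the same mid-command line wraps.
SAMPLE = """\
firewall packet-filter default permit
#
service-type
telnet
#
nat server protocol tcp global 121.81.231.136 1433
inside 192.168.0.6 1433
nat server protocol tcp global
121.81.231.139 5631 inside 192.168.0.12 5631
nat server protocol udp global
121.81.231.137 dns inside 192.168.0.9 dns
undo
info-center enable
"""

def flatten(config):
    """Undo the line wrapping: collapse all whitespace to single spaces."""
    return " ".join(config.split())

def port_number(token):
    """Translate a service keyword or a decimal string to a port number."""
    return NAMED_PORTS.get(token) or int(token)

def parse_nat_servers(config):
    """Return (proto, global_ip, global_port, inside_ip, inside_port) tuples."""
    return [(proto, gip, port_number(gp), iip, port_number(ip_))
            for proto, gip, gp, iip, ip_ in NAT_RE.findall(flatten(config))]

def audit(config):
    """List device-wide settings and published ports that need a review."""
    flat = flatten(config)
    findings = [f"global: {why}" for cmd, why in GLOBAL_CHECKS.items() if cmd in flat]
    for proto, gip, gp, iip, ip_ in parse_nat_servers(config):
        if gp in REVIEW_PORTS:
            findings.append(f"published: {gip}:{gp}/{proto} -> {iip}:{ip_} ({REVIEW_PORTS[gp]})")
    return findings
```

Calling `audit()` on the full text of the dump reports every mapping on the review list; extend `REVIEW_PORTS` to match your own exposure policy.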