Firewall configuration basics (Huawei USG)
2017-11-28 00:08
Zones: the system predefines four zones, local, trust, untrust and dmz, each with its own priority (by default local 100, trust 85, dmz 50, untrust 5; a higher number means a more trusted zone).
Interzone security policy
On the USG the direction keywords are defined by zone priority, not by which physical interface the packet happens to enter or leave:
outbound = traffic flowing from the higher-priority zone to the lower-priority zone (e.g. trust -> untrust)
inbound = traffic flowing from the lower-priority zone to the higher-priority zone (e.g. untrust -> trust)
A rule under "policy interzone trust untrust inbound" therefore matches packets sourced in untrust and destined for trust, regardless of interface.
Interface IP and VRRP virtual IP:
interface GigabitEthernet0/0/6
 combo enable fiber
 description TO_6505_F5
 ip address 10.10.18.2 255.255.255.128
 vrrp vrid 3 virtual-ip 10.10.18.1 master
Assign interfaces and priority to a zone:
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet0/0/6
Custom zone (user-defined zones are created with "firewall zone name"; the priority must be unique among all zones). ASPF "detect" commands normally belong in the interzone view, as in the firewall interzone ha untrust2 block below; they are shown here as pasted from the device:
firewall zone name dmz2
 set priority 55
 detect ftp
 detect rtsp
 detect pptp
The firewall interzone command creates an interzone and enters the interzone view:
firewall interzone zone-name1 zone-name2
Example: the dmz zone and the ha/untrust2 interzone with ASPF enabled for FTP, PPTP and RTSP (ASPF opens the dynamically negotiated data channels of these protocols, so no broad permit rule for high ports is needed):
firewall zone dmz
 set priority 50
 add interface GigabitEthernet0/0/2
firewall interzone ha untrust2
 detect ftp
 detect pptp
 detect rtsp
Default route:
ip route-static 0.0.0.0 0.0.0.0 18.23.3.201
Address sets and service sets (type object holds addresses or ports; type group bundles existing sets; both are referenced by name in policies):
ip address-set report type group
 description all report
ip address-set _10.0.14.0 type object
 address 0 10.0.14.0 mask 24
ip service-set hh_service type group
 description hh_service
 service 0 service-set ftp
 service 1 service-set telnet
ip service-set new_tcp type object
 service 0 protocol tcp source-port 0 to 65535 destination-port 9090
 service 1 protocol tcp source-port 0 to 65535 destination-port 8008
Interzone policies. Policy 12 (inbound = untrust -> trust) permits the three DNS server address sets to reach the mapped IP in the mip(28.3.63.16) set on the DNS service set only; policy 3 (outbound = trust -> untrust) permits inter_mmsc to reach dsmp. Both rules are constrained by source, destination and service and have "policy logging" enabled, which is what a reviewable permit rule should look like:
policy interzone trust untrust inbound
 policy 12
  action permit
  policy logging
  policy service service-set dns服务器端口
  policy source address-set dns服务器1
  policy source address-set dns服务器2
  policy source address-set dns服务器3
  policy destination address-set mip(28.3.63.16)
policy interzone trust untrust outbound
 policy 3
  action permit
  policy logging
  policy service service-set dsmp
  policy source address-set inter_mmsc
  policy destination address-set dsmp
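The two points above that bite in practice are the meaning of inbound/outbound (zone priority, not interface) and permit rules that are not constrained by address, service and logging. The following Python script is an added example, not code from the original page or from Huawei: it resolves each "policy interzone" block to a concrete source zone and destination zone using the default priorities listed earlier, then lints every permit rule. The config text it parses is constructed for this example (ASCII set names in place of the page's Chinese ones, plus one deliberately loose rule, policy 99, for the linter to flag); the ZONE_PRIORITY table is an assumption matching the USG defaults.

```python
"""Resolve Huawei USG interzone policy direction and lint permit rules.

Added example, not from the original page. Assumptions: zone priorities
are the USG defaults (local 100, trust 85, dmz 50, untrust 5) and the
SAMPLE_CONFIG below is a constructed config, not a real device export.
"""
import re

# Assumed default zone priorities; a higher number is a more trusted zone.
ZONE_PRIORITY = {"local": 100, "trust": 85, "dmz": 50, "untrust": 5}

# Constructed sample: the page's two rules (renamed) plus a loose policy 99.
SAMPLE_CONFIG = """\
policy interzone trust untrust inbound
 policy 12
  action permit
  policy logging
  policy service service-set dns_server_ports
  policy source address-set dns_server1
  policy destination address-set mip_28_3_63_16
policy interzone trust untrust outbound
 policy 3
  action permit
  policy logging
  policy service service-set dsmp
  policy source address-set inter_mmsc
  policy destination address-set dsmp
 policy 99
  action permit
"""


def resolve_direction(zone_a, zone_b, direction, priorities=ZONE_PRIORITY):
    """Return (src_zone, dst_zone) for 'policy interzone A B <direction>'.

    On the USG, outbound means higher-priority zone -> lower-priority zone
    and inbound means lower -> higher; the order of A and B does not matter.
    """
    high, low = sorted((zone_a, zone_b), key=lambda z: priorities[z], reverse=True)
    if priorities[high] == priorities[low]:
        raise ValueError("interzone requires two zones with different priorities")
    return (high, low) if direction == "outbound" else (low, high)


def parse_policies(text):
    """Parse 'policy interzone' blocks into a list of rule dicts."""
    rules, zones, rule = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"policy interzone (\S+) (\S+) (inbound|outbound)$", line)
        if m:
            zones = resolve_direction(m.group(1), m.group(2), m.group(3))
            rule = None
            continue
        m = re.match(r"policy (\d+)$", line)
        if m and zones is not None:
            rule = {"id": int(m.group(1)), "src_zone": zones[0], "dst_zone": zones[1],
                    "action": None, "logging": False,
                    "service": [], "source": [], "destination": []}
            rules.append(rule)
            continue
        if rule is None:
            continue
        if line.startswith("action "):
            rule["action"] = line.split()[1]
        elif line == "policy logging":
            rule["logging"] = True
        elif line.startswith("policy service service-set "):
            rule["service"].append(line.split()[-1])
        elif line.startswith("policy source address-set "):
            rule["source"].append(line.split()[-1])
        elif line.startswith("policy destination address-set "):
            rule["destination"].append(line.split()[-1])
    return rules


def lint(rules):
    """Flag permit rules that match any service, any address, or are unlogged."""
    findings = []
    for r in rules:
        if r["action"] != "permit":
            continue
        where = f"policy {r['id']} ({r['src_zone']} -> {r['dst_zone']})"
        if not r["service"]:
            findings.append(f"{where}: permits any service")
        if not r["source"] or not r["destination"]:
            findings.append(f"{where}: permits any source or destination address")
        if not r["logging"]:
            findings.append(f"{where}: not logged")
    return findings


if __name__ == "__main__":
    parsed = parse_policies(SAMPLE_CONFIG)
    for r in parsed:
        print(f"policy {r['id']}: {r['src_zone']} -> {r['dst_zone']} "
              f"svc={r['service']} src={r['source']} dst={r['destination']}")
    for finding in lint(parsed):
        print("FINDING:", finding)
```

Run against a real "display current-configuration" export, the linter is a quick way to find the "action permit" rules that turned a zone boundary into a flat network; the direction resolver is also handy when reading a config written as "policy interzone untrust trust outbound", which still means trust -> untrust.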